PT-2013-2197 · Rack+1 · Rack+1

Raggic

·

Published

2013-02-08

·

Updated

2026-03-13

·

CVE-2013-0262

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Rack versions 1.4.x through 1.4.4 Rack versions 1.5.x through 1.5.1
Description The issue allows attackers to access arbitrary files outside the intended root directory via a crafted PATH INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, also known as "symlink path traversals."
Recommendations For Rack versions 1.4.x through 1.4.4, update to version 1.4.5 or later. For Rack versions 1.5.x through 1.5.1, update to version 1.5.2 or later.

Exploit

Fix

Path traversal

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2013-0262
GHSA-85R7-W5MV-C849
OPENSUSE-SU-2024:10115-1
OPENSUSE-SU-2024:10406-1
OPENSUSE-SU-2024:11344-1
OPENSUSE-SU-2024:11345-1
OPENSUSE-SU-2024:11346-1
OPENSUSE-SU-2024:12119-1
OPENSUSE-SU-2024:12397-1
OPENSUSE-SU-2024:12974-1
OPENSUSE-SU-2024:13167-1
OPENSUSE-SU-2024:13726-1
OPENSUSE-SU-2024:13727-1
OPENSUSE-SU-2025:14811-1
OPENSUSE-SU-2025:14875-1
OPENSUSE-SU-2026:10286-1
OPENSUSE-SU-2026:10358-1
RHSA-2013:0638

Affected Products

Rack
Suse