RubySec

Providing security resources for the Ruby community

CVE-2018-7212 (rack-protection): Path traversal is possible via backslash characters on Windows.

Path traversal is possible via backslash characters on Windows.

Published: February 18, 2018

SECURITY IDENTIFIERS

GEM

rack-protection

PATCHED VERSIONS

>= 2.0.1 ~> 1.5.4

DESCRIPTION

An issue was discovered in rack-protection 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories