Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

---
gem: sinatra
date: 2018-01-09
url: https://github.com/sinatra/sinatra/pull/1379
cve: 2018-7212
title: sinatra ruby gem path traversal via backslash characters on Windows
description: |
  An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb
  in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash
  characters.
cvss_v2: '5.0'
cvss_v3: '5.3'
unaffected_versions:
- "< 2.0.0"
patched_versions:
- ">= 2.0.1"