Bug 1802282 (CVE-2018-7212)
| Summary: | CVE-2018-7212 rubygem-sinatra: path traversal via backslash characters | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | bbuckingham, bcourt, bkearney, btotty, cfeist, cluster-maint, dbecker, dominic, hhorak, hhudgeon, hvyas, idevat, jaruga, jjoyce, jorton, jschluet, kbasil, lhh, lkundrak, lpeer, lzap, mburns, mlisik, mmccune, mpospisi, omular, puebele, rchan, rhos-maint, rjerrido, ruby-maint, ruby-packagers-sig, sclewis, sisharma, slinaber, sokeeffe, tojeline, valtri, vbellur, vondruch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | sinatra 2.0.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra version 2.x before 2.0.1 on Windows. This flaw allows for path traversal on the system that contains backslash characters in the path. This flaw only affects Sinatra on Windows, Linux platforms are not affected.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-04-03 01:40:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1802283 | ||
|
Description
Guilherme de Almeida Suckevicz
2020-02-12 19:21:22 UTC
|