CVE-2018-7212: Path traversal on Windows

February 18, 2018 (updated March 19, 2018)

Path traversal is possible via backslash characters on Windows. An attacker could access arbitrary files and directories stored on the file system.

References

github.com/sinatra/rack-protection/pull/120
github.com/sinatra/rack-protection/pull/120/commits/4239c2f189a73dfc93e957fc97adcbcbc0ed31c6
github.com/sinatra/sinatra/commit/d17aa95f5056c52daf5d7c3170fbfd831dc96381
github.com/sinatra/sinatra/pull/1379

Code Behaviors & Features

Detect and mitigate CVE-2018-7212 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →