CVE-2013-4413: Wicked gem contains Path traversal vulnerability
The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in controller/concerns/render_redirect.rb. An attacker can send a specially-crafted URL request containing %2E%2E%2F directory traversal sequences to read arbitrary files on the system.
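The Ruby example below is added here for illustration and is not code from the wicked gem or from this advisory. It contrasts joining a percent-decoded request value onto a view directory with an allowlist check followed by a containment check; `STEPS`, `VIEW_ROOT`, the function names and the sample request value are assumptions constructed for the example.

```ruby
require "pathname"
require "uri"

# Hypothetical wizard steps and view directory (assumptions, not wicked's own).
STEPS     = %w[account profile confirm].freeze
VIEW_ROOT = Pathname.new("/srv/app/views/wizard")

# Constructed sample request value using the %2E%2E%2F sequences from the advisory.
TRAVERSAL = ("%2E%2E%2F" * 4) + "etc%2Fpasswd"

# Unsafe pattern: the decoded value is joined onto the view root unchecked,
# so "../" segments walk out of VIEW_ROOT.
def naive_template_path(raw_step)
  VIEW_ROOT.join(URI.decode_www_form_component(raw_step)).cleanpath
end

# True only when the normalized path is strictly below VIEW_ROOT.
def inside_view_root?(path)
  path.to_s.start_with?(VIEW_ROOT.to_s + "/")
end

# Hardened pattern: decode once, accept only declared step names, then
# confirm containment as a second line of defence. Returns nil on rejection.
def safe_template_path(raw_step)
  step = URI.decode_www_form_component(raw_step.to_s)
  return nil unless STEPS.include?(step)

  path = VIEW_ROOT.join(step).cleanpath
  inside_view_root?(path) ? path : nil
rescue ArgumentError
  # Malformed percent-encoding is rejected rather than passed through.
  nil
end

if __FILE__ == $PROGRAM_NAME
  puts "naive: #{naive_template_path(TRAVERSAL)}"
  puts "safe:  #{safe_template_path(TRAVERSAL).inspect}"
  puts "safe:  #{safe_template_path('profile')}"
end
```

The allowlist rejects encoded, double-encoded and malformed values alike because none of them decode to a declared step name.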
References
- exchange.xforce.ibmcloud.com/vulnerabilities/87783
- github.com/advisories/GHSA-rprj-g6xc-p5gq
- github.com/rubysec/ruby-advisory-db/blob/master/gems/wicked/CVE-2013-4413.yml
- github.com/schneems/wicked
- github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53
- nvd.nist.gov/vuln/detail/CVE-2013-4413
- web.archive.org/web/20210508170740/http://www.securityfocus.com/bid/62891