Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RubyGems Wicked 目录遍历漏洞
Vulnerability Description
RubyGems是RubyGems组织的一款Ruby程序包管理器,它主要用于发布和管理Ruby程序包。Wicked是其中的一个Rails引擎。 Wicked gem for Ruby 1.0.0及之前版本中的controller/concerns/render_redirect.rb文件存在目录遍历漏洞。远程攻击者可借助目录遍历序列(../)利用该漏洞读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A