CVE-2020-8161

Published: 2 July 2020

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure.

From the Ubuntu Security Team

It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information.

Priority

Low

CVSS 3 base score: 8.6

Status

Package: ruby-rack (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Released (1.6.4-4ubuntu0.2)
eoan: Ignored (reached end-of-life)
focal: Released (2.0.7-2ubuntu0.1)
groovy: Not vulnerable (2.1.1-5)
hirsute: Not vulnerable (2.1.1-5)
impish: Not vulnerable (2.1.1-5)
jammy: Not vulnerable (2.1.1-5)
precise: Does not exist
trusty: Released (1.5.2-3+deb8u3ubuntu1~esm2)
upstream: Released (1.5.2-3+deb8u3, 1.6.4-4+deb9u2, 2.1.1-5, 2.1.3)
xenial: Released (1.6.4-3ubuntu0.2)

Patches:
upstream: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
upstream: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa