Unrated severity · NVD Advisory · Published Mar 4, 2008 · Updated Jun 16, 2026
CVE-2008-1145
Description
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Affected products
- cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
- osv-coords, 16 versions:
  - pkg:apk/chainguard/kube-fluentd-operator
  - pkg:apk/chainguard/kube-fluentd-operator-compat
  - pkg:apk/chainguard/kube-fluentd-operator-default-config
  - pkg:apk/chainguard/kube-fluentd-operator-oci-entrypoint
  - pkg:apk/chainguard/ruby3.2-webrick
  - pkg:apk/chainguard/ruby3.3-webrick
  - pkg:apk/chainguard/ruby3.4-webrick
  - pkg:apk/chainguard/ruby4.0-webrick
  - pkg:apk/wolfi/kube-fluentd-operator
  - pkg:apk/wolfi/kube-fluentd-operator-compat
  - pkg:apk/wolfi/kube-fluentd-operator-default-config
  - pkg:apk/wolfi/kube-fluentd-operator-oci-entrypoint
  - pkg:apk/wolfi/ruby3.2-webrick
  - pkg:apk/wolfi/ruby3.3-webrick
  - pkg:apk/wolfi/ruby3.4-webrick
  - pkg:apk/wolfi/ruby4.0-webrick
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 1.9.1-r0
- (no CPE) range: < 1.9.1-r3
- (no CPE) range: < 1.9.2-r0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 1.9.1-r0
- (no CPE) range: < 1.9.1-r3
- (no CPE) range: < 1.9.2-r0
References (29)
- www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ (nvd: Exploit, Patch, Vendor Advisory)
- www.exploit-db.com/exploits/5215 (nvd: Exploit, Third Party Advisory, VDB Entry)
- lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html (nvd: Mailing List, Third Party Advisory)
- secunia.com/advisories/29232 (nvd: Not Applicable, Vendor Advisory)
- secunia.com/advisories/29357 (nvd: Not Applicable, Vendor Advisory)
- support.apple.com/kb/HT2163 (nvd: Third Party Advisory)
- www.kb.cert.org/vuls/id/404515 (nvd: Third Party Advisory, US Government Resource)
- www.redhat.com/support/errata/RHSA-2008-0897.html (nvd: Third Party Advisory)
- www.securityfocus.com/archive/1/489205/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/489218/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/490056/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/28123 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd: Broken Link, Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/41010 (nvd: Third Party Advisory, VDB Entry)
- www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html (nvd: Third Party Advisory)
- www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html (nvd: Third Party Advisory)
- lists.apple.com/archives/security-announce/2008//Jun/msg00002.html (nvd: Broken Link, Mailing List)
- secunia.com/advisories/29536 (nvd: Not Applicable)
- secunia.com/advisories/30802 (nvd: Not Applicable)
- secunia.com/advisories/31687 (nvd: Not Applicable)
- secunia.com/advisories/32371 (nvd: Not Applicable)
- wiki.rpath.com/Advisories:rPSA-2008-0123 (nvd: Broken Link)
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0123 (nvd: Broken Link)
- www.mandriva.com/security/advisories (nvd: Broken Link)
- www.mandriva.com/security/advisories (nvd: Broken Link)
- www.vupen.com/english/advisories/2008/0787 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2008/1981/references (nvd: Permissions Required)
- issues.rpath.com/browse/RPL-2338 (nvd: Broken Link)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937 (nvd: Broken Link)