VYPR
Moderate severityNVD Advisory· Published Feb 8, 2013· Updated Jun 16, 2026

CVE-2013-0262

CVE-2013-0262

Description

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
rackRubyGems
>= 1.5.0, < 1.5.21.5.2
rackRubyGems
>= 1.4.0, < 1.4.51.4.5

Affected products

13

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.