Moderate severity · NVD Advisory · Published Feb 8, 2013 · Updated Jun 16, 2026
CVE-2013-0262
Description
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rack (RubyGems) | >= 1.5.0, < 1.5.2 | 1.5.2 |
| rack (RubyGems) | >= 1.4.0, < 1.4.5 | 1.4.5 |
Affected products
- cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:1.5.1:*:*:*:*:*:*:*
- ghsa-coords (6 versions):
  - pkg:gem/rack
  - pkg:rpm/opensuse/ruby3.2-rubygem-rack-2.2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/ruby3.2-rubygem-rack&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/rubyem-rack&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/rubygem-rack-2.2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/rubygem-rack&distro=openSUSE%20Tumbleweed
- (no CPE) range: >= 1.5.0, < 1.5.2
- (no CPE) range: < 2.2.7-1.1
- (no CPE) range: < 3.0.7-1.2
- (no CPE) range: < 1.4.7-1.8
- (no CPE) range: < 2.2.4-1.1
- (no CPE) range: < 2.2.3.1-1.1
References
- secunia.com/advisories/52033 (nvd, Vendor Advisory)
- github.com/advisories/GHSA-85r7-w5mv-c849 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-0262 (ghsa, ADVISORY)
- lists.opensuse.org/opensuse-updates/2013-03/msg00048.html (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- gist.github.com/rentzsch/4736940 (nvd, WEB)
- github.com/rack/rack/blob/master/lib/rack/file.rb (nvd, WEB)
- github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30 (nvd, WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml (ghsa, WEB)
- groups.google.com/forum/ (ghsa, WEB)
- groups.google.com/forum/ (ghsa, WEB)
- rack.github.com (nvd)
- groups.google.com/forum/ (nvd)
- groups.google.com/forum/ (nvd)