Moderate severityNVD Advisory· Published Mar 11, 2014· Updated Jun 16, 2026
CVE-2013-4413
CVE-2013-4413
Description
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wickedRubyGems | < 1.0.1 | 1.0.1 |
Affected products
21cpe:2.3:a:schneems:wicked:0.0.1:*:*:*:*:ruby:*:*+ 19 more
- cpe:2.3:a:schneems:wicked:0.0.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.0.2:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.1.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.1.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.1.2:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.1.3:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.1.4:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.1.5:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.1.6:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.2.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.3.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.3.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.3.2:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.3.3:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.3.4:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.4.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.5.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.6.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:0.6.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:schneems:wicked:*:*:*:*:*:ruby:*:*range: <=1.0.0
Patches
Vulnerability mechanics
References
9- seclists.org/oss-sec/2013/q4/43nvdPatchWEB
- github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53nvdExploitPatchWEB
- secunia.com/advisories/55151nvdVendor Advisory
- github.com/advisories/GHSA-rprj-g6xc-p5gqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-4413ghsaADVISORY
- exchange.xforce.ibmcloud.com/vulnerabilities/87783nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/wicked/CVE-2013-4413.ymlghsaWEB
- web.archive.org/web/20210508170740/http://www.securityfocus.com/bid/62891ghsaWEB
- www.securityfocus.com/bid/62891nvd
News mentions
0No linked articles in our index yet.