VYPR

RubyGems package

mongrel

pkg:gem/mongrel

Vulnerabilities (1)

  • CVE-2007-6612Jan 3, 2008
    affected >= 1.0.4, < 1.0.5fixed 1.0.5

    Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").