VYPR

rpm package

opensuse/rubyem-rack&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rubyem-rack&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2013-0263 (Feb 8, 2013)
    affected < 1.4.7-1.8; fixed 1.4.7-1.8

    Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison

  • CVE-2013-0262 (Feb 8, 2013)
    affected < 1.4.7-1.8; fixed 1.4.7-1.8

    rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka