You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Wicked gem contains Path traversal vulnerability
Moderate severity
GitHub Reviewed
Published
Oct 24, 2017
to the GitHub Advisory Database
•
Updated Jul 4, 2023
The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in controller/concerns/render_redirect.rb. An attacker can send a specially-crafted URL request containing %2E%2E%2F directory traversal sequences to read arbitrary files on the system.
The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in
controller/concerns/render_redirect.rb
. An attacker can send a specially-crafted URL request containing%2E%2E%2F
directory traversal sequences to read arbitrary files on the system.References