Upstream information
Description
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
SUSE Bugzilla entry: 892328 [RESOLVED / FIXED]SUSE Security Advisories:
- openSUSE-SU-2014:1639-1
SUSE Timeline for this CVE
CVE page created: Mon Aug 18 06:40:47 2014CVE page last modified: Thu Dec 7 13:07:38 2023