SUSE:SLE-12-SP4:Update
File CVE-2020-8161.patch of Package rubygem-rack.24763
commit fbb9fd203e69ca9d113c067be78c3b58f005b327 Author: Jack McCracken <jack.mccracken@shopify.com> Date: Tue May 12 12:23:33 2020 -0400 Use Dir.entries instead of Dir[glob] to prevent user-specified glob metacharacters [CVE-2020-8161] (cherry picked from commit dddb7ad18ed79ca6ab06ccc417a169fde451246e) diff --git a/lib/rack/directory.rb b/lib/rack/directory.rb index 98d66e02faba..0366eff141b3 100644 --- a/lib/rack/directory.rb +++ b/lib/rack/directory.rb @@ -78,13 +78,12 @@ table { width:100%%; } def list_directory @files = [['../','Parent Directory','','','']] - glob = F.join(@path, '*') url_head = (@script_name.split('/') + @path_info.split('/')).map do |part| Rack::Utils.escape part end - Dir[glob].sort.each do |node| + Dir.entries(path).reject { |e| e.start_with?('.') }.sort.each do |node| stat = stat(node) next unless stat basename = F.basename(node)
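Review bot: In the new loop, `node` is a bare entry name from `Dir.entries(path)`, whereas the removed `Dir[glob]` (with `glob = F.join(@path, '*')`) yielded paths prefixed with `@path`, so `stat(node)` on the following context line no longer receives a directory-qualified path. Unless `stat` resolves the name against the listed directory itself (its definition is not in this hunk), the lookup is relative to the process working directory and `next unless stat` will silently drop entries; consider `node = F.join(path, node)` as the first statement in the block, which leaves `F.basename(node)` working unchanged. The new line also reads `path` where the removed line read `@path`; confirm that a `path` reader exists in this backported version, or use `@path` for consistency. A short comment noting that the `start_with?('.')` filter keeps the old `*` glob behaviour of skipping dotfiles, and also drops `.` and `..`, would help later readers.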