VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
epss	0.01256	https://api.first.org/data/v1/epss?cve=CVE-2013-0262
epss	0.01256	https://api.first.org/data/v1/epss?cve=CVE-2013-0262
epss	0.01256	https://api.first.org/data/v1/epss?cve=CVE-2013-0262
epss	0.01256	https://api.first.org/data/v1/epss?cve=CVE-2013-0262
epss	0.01256	https://api.first.org/data/v1/epss?cve=CVE-2013-0262
epss	0.01256	https://api.first.org/data/v1/epss?cve=CVE-2013-0262
epss	0.01256	https://api.first.org/data/v1/epss?cve=CVE-2013-0262
epss	0.01256	https://api.first.org/data/v1/epss?cve=CVE-2013-0262
epss	0.01256	https://api.first.org/data/v1/epss?cve=CVE-2013-0262
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=909071
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=909072
generic_textual	MODERATE	https://gist.github.com/rentzsch/4736940
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-85r7-w5mv-c849
generic_textual	MODERATE	https://github.com/rack/rack
generic_textual	MODERATE	https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56
generic_textual	MODERATE	https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30
generic_textual	MODERATE	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml
generic_textual	MODERATE	https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ
generic_textual	MODERATE	https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2013-0262
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2013-0262

System

Score

Found at

generic_textual

MODERATE

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

epss

0.01256

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

epss

0.01256

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

epss

0.01256

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

epss

0.01256

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

epss

0.01256

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

epss

0.01256

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

epss

0.01256

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

epss

0.01256

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

epss

0.01256

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

generic_textual

MODERATE

https://bugzilla.redhat.com/show_bug.cgi?id=909071

generic_textual

MODERATE

https://bugzilla.redhat.com/show_bug.cgi?id=909072

generic_textual

MODERATE

https://gist.github.com/rentzsch/4736940

cvssv3.1_qr

MODERATE

https://github.com/advisories/GHSA-85r7-w5mv-c849

generic_textual

MODERATE

https://github.com/rack/rack

generic_textual

MODERATE

https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56

generic_textual

MODERATE

https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30

generic_textual

MODERATE

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml

generic_textual

MODERATE

https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ

generic_textual

MODERATE

https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

cvssv2

4.3

https://nvd.nist.gov/vuln/detail/CVE-2013-0262

generic_textual

MODERATE

https://nvd.nist.gov/vuln/detail/CVE-2013-0262

Reference id

Reference type

URL

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

http://rack.github.com/

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0262.json

https://api.first.org/data/v1/epss?cve=CVE-2013-0262

https://bugzilla.redhat.com/show_bug.cgi?id=909071

https://bugzilla.redhat.com/show_bug.cgi?id=909072

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0262

http://secunia.com/advisories/52033

https://gist.github.com/rentzsch/4736940

https://github.com/rack/rack

https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56

https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml

https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ

https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ

https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

https://nvd.nist.gov/vuln/detail/CVE-2013-0262

700173

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700173

cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:rack_project:rack:1.4.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:rack_project:rack:1.4.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:rack_project:rack:1.5.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:rack_project:rack:1.5.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.5.1:*:*:*:*:*:*:*

GHSA-85r7-w5mv-c849

https://github.com/advisories/GHSA-85r7-w5mv-c849

GLSA-201405-10

https://security.gentoo.org/glsa/201405-10

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:46:48.036369+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack/CVE-2013-0262.yml	38.0.0

2026-04-01T12:46:48.036369+00:00

GitLab Importer

Import

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack/CVE-2013-0262.yml

38.0.0

Vulnerability ID	VCID-35e6-cpn8-w7h1
Aliases	CVE-2013-0262 GHSA-85r7-w5mv-c849 OSV-89938
Summary	Symlink path traversal in Rack::File Affected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Percentile	0.79329
EPSS Score	0.01256
Published At	April 1, 2026, 12:55 p.m.