Upstream information

CVE-2014-5269 at MITRE

Description

Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 892328 [RESOLVED / FIXED]

SUSE Security Advisories:

    openSUSE-SU-2014:1639-1


SUSE Timeline for this CVE

CVE page created: Mon Aug 18 06:40:47 2014
CVE page last modified: Thu Dec 7 13:07:38 2023