DescriptionPlack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.
SUSE informationSUSE Bugzilla entry: 892328 SUSE Security Advisories:
- openSUSE-SU-2014:1639-1, published Mon, 15 Dec 2014 13:06:29 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 13.1|| ||Patchnames: