{"id":"CVE-2020-8161","details":"A directory traversal vulnerability exists in rack \u003c 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.","aliases":["GHSA-5f9h-9pjv-v6j7"],"modified":"2026-05-15T12:04:16.390391623Z","published":"2020-07-02T19:15:12.357Z","related":["SUSE-SU-2020:2678-1","SUSE-SU-2022:3347-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"],"extracted_events":[{"last_affected":"18.04"}],"vendor_product":"canonical:ubuntu_linux"},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"}],"vendor_product":"debian:debian_linux"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4561-1/"},{"type":"REPORT","url":"https://hackerone.com/reports/434404"},{"type":"FIX","url":"https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}]}