mongrel 1.1.2-java

1 security vulnerability found in version 1.1.2-java

Mongrel vulnerable to directory traversal via double-encoded sequences

medium severity CVE-2007-6612
medium severity CVE-2007-6612
Patched versions: ~> 1.0.5, >= 1.1.3
Unaffected versions: < 1.0.4

Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 (1.0.3 and prior are not affected) and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (.%252e).

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

Author did not declare license for this gem in the gemspec.


This gem version has a Ruby license in the source code, however it was not declared in the gemspec file.

This gem version is available.


This gem version has not been yanked and is still available for usage.