File rubygem-rack-CVE-2020-8161.patch of Package rubygem-rack.28303

--- a/lib/rack/directory.rb	2022-09-15 14:33:22.938994438 +0000
+++ b/lib/rack/directory.rb	2022-09-15 14:34:46.927552221 +0000
@@ -103,13 +103,13 @@ table { width:100%%; }
 
     def list_directory(path_info, path, script_name)
       files = [['../','Parent Directory','','','']]
-      glob = ::File.join(path, '*')
 
       url_head = (script_name.split('/') + path_info.split('/')).map do |part|
         Rack::Utils.escape_path part
       end
 
-      Dir[glob].sort.each do |node|
+      Dir.entries(path).reject { |e| e.start_with?('.') }.sort.each do |node|
+        node = ::File.join path, node
         stat = stat(node)
         next unless stat
         basename = ::File.basename(node)

Places

File rubygem-rack-CVE-2020-8161.patch of Package rubygem-rack.28303

Places