Moderate severity vulnerability that affects actionpack

GHSA-qf5x-qgx7-437h

Published Sep 17, 2018 · Modified Dec 2, 2024

Description

Withdrawn, accidental duplicate publish.

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-0130
ADVISORY https://github.com/advisories/GHSA-qf5x-qgx7-437h

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes