CVE-2014-0130

Published: 06 May 2014
Source: redhat
CVSS2: 7.5
EPSS: Medium

Description

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Enterprise 1 | ruby193-rubygem-actionpack | Will not fix | | |
| Red Hat OpenStack Platform 3 | ruby193-rubygem-actionpack | Will not fix | | |
| Red Hat OpenStack Platform 4 | ruby193-rubygem-actionpack | Will not fix | | |
| Red Hat Software Collections | ror40-rubygem-actionpack | Affected | | |
| Red Hat Subscription Asset Manager | rubygem-actionpack | Affected | | |
| CloudForms Management Engine 5.x | cfme | Fixed | RHSA-2014:0816 | 30.06.2014 |
| CloudForms Management Engine 5.x | ruby193-rubygem-actionpack | Fixed | RHSA-2014:0816 | 30.06.2014 |
| Red Hat Software Collections for RHEL-6 | ruby193-rubygem-actionpack | Fixed | RHSA-2014:0510 | 15.05.2014 |
| Red Hat Subscription Asset Manager 1.4 | katello | Fixed | RHSA-2014:1863 | 17.11.2014 |
| Red Hat Subscription Asset Manager 1.4 | ruby193-rubygem-actionmailer | Fixed | RHSA-2014:1863 | 17.11.2014 |

Additional information

Status: Important
Defect: CWE-20->CWE-22
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1095105 (rubygem-actionpack: directory traversal issue)

EPSS: 0.45374 (percentile: 98%, Medium)

CVSS2: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 12 years ago

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

CVSS3: 7.5
nvd
almost 12 years ago

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

CVSS3: 7.5
debian
almost 12 years ago

Directory traversal vulnerability in actionpack/lib/abstract_controlle ...

CVSS3: 7.5
github
more than 8 years ago

actionpack Path Traversal vulnerability
