CVE-2014-7818

Опубликовано: 31 окт. 2014

Источник: redhat

CVSS2: 5

Описание

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
CloudForms Management Engine 5	ruby193-rubygem-actionpack	Will not fix
Red Hat OpenStack Platform 4	ruby193-rubygem-actionpack	Will not fix
Red Hat Software Collections	ror40-rubygem-actionpack	Will not fix
Red Hat Software Collections	ruby193-rubygem-actionpack	Will not fix
Red Hat Subscription Asset Manager	ruby193-rubygem-actionpack	Will not fix
Red Hat Subscription Asset Manager	rubygem-actionpack	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-22->CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1161499rubygem-actionpack: arbitrary file existence disclosure

5 Medium

CVSS2

Связанные уязвимости

CVE-2014-7818

ubuntu

около 11 лет назад

CVE-2014-7818

nvd

около 11 лет назад

CVE-2014-7818

debian

около 11 лет назад

Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ...

GHSA-29gr-w57f-rpfw

github

больше 8 лет назад

actionpack vulnerable to Path Traversal

5 Medium

CVSS2