GHSA-6x85-j5j2-27jx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6x85-j5j2-27jx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-6x85-j5j2-27jx/GHSA-6x85-j5j2-27jx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6x85-j5j2-27jx
- Aliases
-
- CVE-2014-0130
- Published
- 2017-10-24T18:33:36Z
- Modified
- 2024-12-08T05:34:42.409952Z
- Summary
- actionpack Path Traversal vulnerability
- Details
-
Directory traversal vulnerability in
actionpack/lib/abstract_controller/base.rbin the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. - Database specific
{ "nvd_published_at": "2014-05-07T10:55:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:20:36Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-0130
- https://access.redhat.com/errata/RHSA-2014:0510
- https://access.redhat.com/errata/RHSA-2014:0816
- https://access.redhat.com/errata/RHSA-2014:1863
- https://access.redhat.com/security/cve/CVE-2014-0130
- https://bugzilla.redhat.com/show_bug.cgi?id=1095105
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml
- https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
- https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244
- https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
- https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
- http://rhn.redhat.com/errata/RHSA-2014-1863.html
Affected packages
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack
Affected versions
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4.rc1
3.0.4
3.0.5.rc1
3.0.5
3.0.6.rc1
3.0.6.rc2
3.0.6
3.0.7.rc1
3.0.7.rc2
3.0.7
3.0.8.rc1
3.0.8.rc2
3.0.8.rc4
3.0.8
3.0.9.rc1
3.0.9.rc3
3.0.9.rc4
3.0.9.rc5
3.0.9
3.0.10.rc1
3.0.10
3.0.11
3.0.12.rc1
3.0.12
3.0.13.rc1
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.1.0.beta1
3.1.0.rc1
3.1.0.rc2
3.1.0.rc3
3.1.0.rc4
3.1.0.rc5
3.1.0.rc6
3.1.0.rc8
3.1.0
3.1.1.rc1
3.1.1.rc2
3.1.1.rc3
3.1.1
3.1.2.rc1
3.1.2.rc2
3.1.2
3.1.3
3.1.4.rc1
3.1.4
3.1.5.rc1
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.2.0.rc1
3.2.0.rc2
3.2.0
3.2.1
3.2.2.rc1
3.2.2
3.2.3.rc1
3.2.3.rc2
3.2.3
3.2.4.rc1
3.2.4
3.2.5
3.2.6
3.2.7.rc1
3.2.7
3.2.8.rc1
3.2.8.rc2
3.2.8
3.2.9.rc1
3.2.9.rc2
3.2.9.rc3
3.2.9
3.2.10
3.2.11
3.2.12
3.2.13.rc1
3.2.13.rc2
3.2.13
3.2.14.rc1
3.2.14.rc2
3.2.14
3.2.15.rc1
3.2.15.rc2
3.2.15.rc3
3.2.15
3.2.16
3.2.17
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack