Sha256: 74b23768e1d1a1fd0ea42e44ceeee48fb59d8f1c6c1c39595ac4594c134598e4

Contents?: true

Size: 734 Bytes

Versions: 6

Compression:

Stored size: 734 Bytes

Contents

---
gem: actionpack
framework: rails
cve: 2014-0130
url: https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
title: Directory Traversal Vulnerability With Certain Route Configurations
date: 2014-05-06

description: |
  There is a vulnerability in the 'implicit render'
  functionality in Ruby on Rails. The implicit render functionality
  allows controllers to render a template, even if there is no
  explicit action with the corresponding name.  This module does not
  perform adequate input sanitization which could allow an attacker to
  use a specially crafted request to retrieve arbitrary files from the
  rails application server.

cvss_v2: 4.3

patched_versions:
  - ~> 3.2.18
  - ~> 4.0.5
  - ">= 4.1.1"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/actionpack/CVE-2014-0130.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/actionpack/CVE-2014-0130.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/actionpack/CVE-2014-0130.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/actionpack/CVE-2014-0130.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/actionpack/CVE-2014-0130.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/actionpack/CVE-2014-0130.yml