Sha256: 8a37de14ca5fdcae277b82ec3f3f4679e43f5843d310b1e73c39384da0a7b96e

Contents?: true

Size: 599 Bytes

Versions: 6

Compression:

Stored size: 599 Bytes

Contents

---
gem: actionpack
framework: rails
cve: 2014-7818
url: https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
title: Arbitrary file existence disclosure in Action Pack
date: 2014-10-30

description: |
  Specially crafted requests can be used to determine whether a file exists on
  the filesystem that is outside the Rails application's root directory.  The
  files will not be served, but attackers can determine whether or not the file
  exists.

cvss_v2: 4.3

unaffected_versions:
  - "< 3.0.0"

patched_versions:
  - ~> 3.2.20
  - ~> 4.0.11
  - ~> 4.1.7
  - ">= 4.2.0.beta3"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/actionpack/CVE-2014-7818.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/actionpack/CVE-2014-7818.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/actionpack/CVE-2014-7818.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/actionpack/CVE-2014-7818.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/actionpack/CVE-2014-7818.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/actionpack/CVE-2014-7818.yml