CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 03, 2013
- Published Date
- May 07, 2014
- Last Updated
- February 07, 2025
- Vendor
- Ruby on Rails
- Product
- Ruby on Rails
- Description
- Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
- Tags
- Exploitation
- active
- Technical Impact
- total
- Exploited in the Wild
- Yes (2022-03-25 00:00:00 UTC) Source
ruby
cisa
CVSS Scores
CVSS v3.1
7.5 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
SSVC Information
Exploit Status
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-25 00:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel