CVE-2014-0130 - Ruby on Rails Directory Traversal Vulnerability
Project:Rails
Product:Ruby on Rails
Date Added:2022-03-25Due Date:2022-04-15
Vulnerability Name
Ruby on Rails Directory Traversal Vulnerability
Description
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-0130