CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.003 Low
Percentile: 70.6%

CentOS Errata and Security Advisory CESA-2014:0510

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the
view components.

A directory traversal flaw was found in the way Ruby on Rails handled
wildcard segments in routes with implicit rendering. A remote attacker
could use this flaw to retrieve arbitrary local files accessible to a Ruby
on Rails application using the aforementioned routes via a specially
crafted request. (CVE-2014-0130)

All ruby193-rubygem-actionpack users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-May/082470.html

Affected packages:
ruby193-rubygem-actionpack
ruby193-rubygem-actionpack-doc

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0510

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | noarch | ruby193-rubygem-actionpack | < 3.2.8-5.5.el6.centos.alt | ruby193-rubygem-actionpack-3.2.8-5.5.el6.centos.alt.noarch.rpm |
CentOS | 6 | noarch | ruby193-rubygem-actionpack-doc | < 3.2.8-5.5.el6.centos.alt | ruby193-rubygem-actionpack-doc-3.2.8-5.5.el6.centos.alt.noarch.rpm |