CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

EPSS: 0.003 Low (Percentile: 66.6%)

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the
view components.

A directory traversal flaw was found in the way Ruby on Rails handled
wildcard segments in routes with implicit rendering. A remote attacker
could use this flaw to retrieve arbitrary local files accessible to a Ruby
on Rails application using the aforementioned routes via a specially
crafted request. (CVE-2014-0130)

All ruby193-rubygem-actionpack users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | ruby193-rubygem-actionpack-doc | < 3.2.8-5.5.el6 | ruby193-rubygem-actionpack-doc-3.2.8-5.5.el6.noarch.rpm |
RedHat | 6 | noarch | ruby193-rubygem-actionpack | < 3.2.8-5.5.el6 | ruby193-rubygem-actionpack-3.2.8-5.5.el6.noarch.rpm |
RedHat | 6 | src | ruby193-rubygem-actionpack | < 3.2.8-5.5.el6 | ruby193-rubygem-actionpack-3.2.8-5.5.el6.src.rpm |
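
The table marks every build below 3.2.8-5.5.el6 as affected. This added example (not part of the advisory or any Red Hat tooling) checks an inventory against that threshold using rpm-style segment comparison, so that a release such as `10.el6` is not mistaken for being older than `5.5.el6`. The sample input is constructed in the format produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; epochs and `~`/`^` modifiers are assumed absent, as in the table.

```python
import re

FIXED = "3.2.8-5.5.el6"  # first fixed version-release, from the table above
AFFECTED = {"ruby193-rubygem-actionpack", "ruby193-rubygem-actionpack-doc"}

# Constructed sample inventory: "<name> <version>-<release>" per line.
SAMPLE = """\
ruby193-rubygem-actionpack 3.2.8-5.4.el6
ruby193-rubygem-actionpack-doc 3.2.8-5.5.el6
ruby193-rubygem-activesupport 3.2.8-4.el6
"""

def _segments(s):
    # rpm compares runs of digits and runs of letters; other characters separate.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Compare one version or release string: -1 older, 0 equal, 1 newer."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric, so 10 > 5
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-break."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpm_cmp(va, vb) or rpm_cmp(ra, rb)

def needs_update(inventory):
    """Return (name, version-release) for affected packages below FIXED."""
    hits = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        name, vr = line.split()
        if name in AFFECTED and evr_cmp(vr, FIXED) < 0:
            hits.append((name, vr))
    return hits

if __name__ == "__main__":
    for name, vr in needs_update(SAMPLE):
        print(f"{name} {vr} is below {FIXED}: update required")
```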