GHSA-29GR-W57F-RPFW actionpack vulnerable to Path Traversal

Directory traversal vulnerability in actionpack/lib/actiondispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when servestaticassets is enabled, allows remote attackers to determine the existence o...

CVE-2014-7818

CVE-2014-7818 affects Ruby on Rails Action Pack, with a directory traversal in actionpack/lib/action_dispatch/middleware/static.rb when serve_static_assets is enabled. Affected: Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3. The underlying flaw all...