CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.009 Low
Percentile: 82.5%

Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and
ActiveResource servers to determine the existence of arbitrary files and
read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method,
which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading
passwords from the Pidgin (Gaim) .purple/accounts.xml file.