cve/CVE-2014-0130.md at 7909e50b64548be2689e5ad0bc37714dc0608a96

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

POC

Reference

https://hackerone.com/reports/3370

Github

https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/jasnow/585-652-ruby-advisory-db
https://github.com/omarkurt/cve-2014-0130
https://github.com/rubysec/ruby-advisory-db
https://github.com/wrbejar/fake_ruby
https://github.com/xthk/fake-vulnerabilities-ruby-bundler
https://github.com/zhangyongbo100/-Ruby-dl-handle.c-CVE-2009-5147-

1.1 KiB Raw Blame History

CVE-2014-0130

Description

POC

Reference

Github

1.1 KiB

Raw Blame History