Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails prior to 3.2.18, 4.0.x prior to 4.0.5, and 4.1.x prior to 4.1.1, when certain route globbing configurations are enabled, allows remote malicious users to read arbitrary files via a crafted request.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
redhat subscription asset manager |
||
rubyonrails ruby on rails |
||
rubyonrails rails 4.0.0 |
||
rubyonrails rails 4.0.1 |
||
rubyonrails rails 4.0.2 |
||
rubyonrails rails 4.1.0 |
||
rubyonrails rails 3.2.0 |
||
rubyonrails rails 3.2.7 |
||
rubyonrails rails 3.2.8 |
||
rubyonrails rails 3.2.9 |
||
rubyonrails rails 3.2.13 |
||
rubyonrails rails 3.2.15 |
||
rubyonrails rails 4.0.4 |
||
rubyonrails rails 3.2.1 |
||
rubyonrails rails 3.2.5 |
||
rubyonrails rails 3.2.6 |
||
rubyonrails rails 3.2.10 |
||
rubyonrails rails 3.2.11 |
||
rubyonrails rails 3.2.12 |
||
rubyonrails rails 3.2.16 |
||
rubyonrails rails 4.0.3 |
||
rubyonrails rails 3.2.2 |
||
rubyonrails rails 3.2.3 |
||
rubyonrails rails 3.2.4 |
Vulmon