rails-cv-app uploaded_files_controller.rb path traversal
CVE-2014-125033

3.5LOW

Key Information:

Vendor

Rails-cv-app Project

Status
Rails-cv-app
Vendor
CVE Published:
2 January 2023

What is CVE-2014-125033?

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability.

Affected Version(s)

rails-cv-app

References

https://vuldb.com/?id.217178
vdb-entrytechnical-description
https://vuldb.com/?ctiid.217178
signaturepermissions-required
https://github.com/bertrand-caron/rails-cv-app/commit/0d2...
patch

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.