Directory Traversal Vulnerability in Action Pack of Ruby on Rails
CVE-2014-7818

Currently unrated

Key Information:

Vendor
CVE Published:
8 November 2014

What is CVE-2014-7818?

A directory traversal vulnerability exists in the Action Pack component of Ruby on Rails, specifically within the middleware handling static assets. When the serve_static_assets feature is enabled, remote attackers can exploit this vulnerability to reveal the existence of files outside the application’s root directory by utilizing a crafted request containing a /..%2F sequence. This poses a serious threat as it can lead to unauthorized information disclosure, potentially allowing attackers to access sensitive files and configurations stored on the server.
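
Added example (not from the original page, and not Action Pack's own code): a path check that inspects the raw request path before percent-decoding lets /..%2F through, shown beside a form that decodes first and then confirms the result stays under the served root. The helper names naive_resolve, safe_resolve and demo, and the sample file tree, are assumptions made for illustration.

```ruby
require "uri"
require "tmpdir"
require "fileutils"

# Hypothetical helpers for illustration; this is not Action Pack's code.

# Weak form: looks for ".." segments in the raw path, then decodes.
# "..%2Fsecret.txt" is a single segment at check time, so it passes.
def naive_resolve(root, request_path)
  return nil if request_path.split("/").include?("..")
  full = File.join(root, URI.decode_www_form_component(request_path))
  File.file?(full) ? full : nil
end

# Hardened form: decode first, canonicalise, then require the result to
# stay under the served root. (File.expand_path does not follow symlinks.)
def safe_resolve(root, request_path)
  root = File.expand_path(root)
  decoded = URI.decode_www_form_component(request_path)
  full = File.expand_path(File.join(root, decoded))
  return nil unless full.start_with?(root + File::SEPARATOR)
  File.file?(full) ? full : nil
rescue ArgumentError # malformed percent-encoding or NUL byte
  nil
end

# Constructed sample tree: public/index.html is served, secret.txt is not.
def demo
  Dir.mktmpdir do |app|
    pub = File.join(app, "public")
    FileUtils.mkdir_p(pub)
    File.write(File.join(pub, "index.html"), "ok")
    File.write(File.join(app, "secret.txt"), "x")
    ["/index.html", "/..%2Fsecret.txt", "/..%2Fmissing.txt"].to_h do |path|
      [path, { naive: !naive_resolve(pub, path).nil?,
               safe: !safe_resolve(pub, path).nil? }]
    end
  end
end

pp demo if $PROGRAM_NAME == __FILE__
```

With the weak check, the two traversal requests get different answers depending on whether the file outside the root exists, which is the existence disclosure described above; the hardened check answers both the same way.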

Timeline

  • Vulnerability published

  • Vulnerability Reserved
