CVE-2014-7829.yml
---
gem: actionpack
framework: rails
cve: 2014-7829
ghsa: h56m-vwxc-3qpw
url: https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
title: Arbitrary file existence disclosure in Action Pack
date: 2014-11-17
description: |
  Specially crafted requests can be used to determine whether a file exists on
  the filesystem that is outside the Rails application's root directory. The
  files will not be served, but attackers can determine whether or not the file
  exists. This vulnerability is very similar to CVE-2014-7818, but the
  specially crafted string is slightly different.
cvss_v2: 5.0
unaffected_versions:
- "< 3.0.0"
patched_versions:
- "~> 3.2.21"
- "~> 4.0.11.1"
- "~> 4.0.12"
- "~> 4.1.7.1"
- ">= 4.1.8"