Frederick Cheung
2014-May-07 11:10 UTC
[CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configuration
For anyone who doesn't subscribe to the security list (you should!) https://groups.google.com/forum/#!msg/rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ You may want to note that an earlier advisory made out that only apps using *action in their routes were affected, but this turned out not to be true Fred -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/f5fb04f1-d325-4b03-9a3b-2ffca619201b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Seemingly Similar Threads
- Perl Unsafe Module Path Handling Directory Traversal Vulnerability ( CVE-2016-1238)
- CVE-2021-29157: oauth2 JWT local validation path traversal
- CVE-2021-29157: oauth2 JWT local validation path traversal
- Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
- Puppet Enterprise hotfixes for Ruby on Rails JSON Parser vulnerability [ CVE-2013-0333 ]