2014-11-08 12:55:02 2019-08-08 17:43:52

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Rubyonrails Ruby on rails 3.2.19 (not an official CPE)
Rubyonrails Rails 4.2.0 Beta2 (not an official CPE)
Ruby on Rails 3.0.4
Rubyonrails Rails 4.2.0 Beta1 (not an official CPE)
Rubyonrails Rails 4.1.6 Rc1 (not an official CPE)
Rubyonrails Rails 4.1.4 (not an official CPE)
Rubyonrails Rails 4.1.5 (not an official CPE)
Rubyonrails Rails 4.1.6 (not an official CPE)
Rubyonrails Rails 4.1.3 (not an official CPE)
Rubyonrails Rails 4.1.2 Rc3 (not an official CPE)
Rubyonrails Rails 4.1.2 Rc2 (not an official CPE)
Rubyonrails Rails 4.1.2 Rc1 (not an official CPE)
Rubyonrails Rails 4.1.2 (not an official CPE)
Rubyonrails Rails 4.1.1 (not an official CPE)
Rubyonrails Rails 4.1.0 - (not an official CPE)
Rubyonrails Rails 4.1.0 Beta1 (not an official CPE)
Rubyonrails Rails 4.0.10 Rc1 (not an official CPE)
Rubyonrails Rails 4.0.10 (not an official CPE)
Rubyonrails Rails 4.0.9 (not an official CPE)
Rubyonrails Rails 4.0.6 Rc3 (not an official CPE)
Rubyonrails Rails 4.0.7 (not an official CPE)
Rubyonrails Rails 4.0.8 (not an official CPE)
Rubyonrails Rails 4.0.6 Rc1 (not an official CPE)
Rubyonrails Rails 4.0.6 Rc2 (not an official CPE)
Rubyonrails Rails 4.0.6 (not an official CPE)
Rubyonrails Rails 4.0.4 (not an official CPE)
Rubyonrails Rails 4.0.5 (not an official CPE)
Rubyonrails Rails 4.0.3 (not an official CPE)
Rubyonrails Rails 4.0.1 Rc3 (not an official CPE)
Rubyonrails Rails 4.0.1 Rc4 (not an official CPE)
Rubyonrails Rails 4.0.2 (not an official CPE)
Rubyonrails Rails 4.0.1 Rc2 (not an official CPE)
Rubyonrails Rails 4.0.1 Rc1 (not an official CPE)
Rubyonrails Rails 4.0.1 - (not an official CPE)
Rubyonrails Rails 4.0.0 Rc1 (not an official CPE)
Rubyonrails Rails 4.0.0 Rc2 (not an official CPE)
Rubyonrails Rails 3.2.18 (not an official CPE)
Rubyonrails Rails 4.0.0 - (not an official CPE)
Rubyonrails Rails 4.0.0 Beta (not an official CPE)
Rubyonrails Rails 3.2.16 (not an official CPE)
Rubyonrails Rails 3.2.17 (not an official CPE)
Rubyonrails Rails 3.2.13 Rc2 (not an official CPE)
Rubyonrails Rails 3.2.15 Rc3 (not an official CPE)
Rubyonrails Rails 3.2.12 (not an official CPE)
Rubyonrails Rails 3.2.13 Rc1 (not an official CPE)
Rubyonrails Rails 3.2.10 (not an official CPE)
Rubyonrails Rails 3.2.11 (not an official CPE)
Rubyonrails Rails 3.2.8 (not an official CPE)
Rubyonrails Rails 3.2.7 (not an official CPE)
Rubyonrails Rails 3.2.6 (not an official CPE)
Rubyonrails Rails 3.2.4 (not an official CPE)
Rubyonrails Rails 3.2.4 Rc1 (not an official CPE)
Rubyonrails Rails 3.2.5 (not an official CPE)
Rubyonrails Rails 3.2.3 (not an official CPE)
Rubyonrails Rails 3.2.3 Rc1 (not an official CPE)
Rubyonrails Rails 3.2.3 Rc2 (not an official CPE)
Rubyonrails Rails 3.2.2 Rc1 (not an official CPE)
Rubyonrails Rails 3.2.2 (not an official CPE)
Rubyonrails Rails 3.2.1 (not an official CPE)
Rubyonrails Rails 3.2.0 Rc2 (not an official CPE)
Rubyonrails Rails 3.2.0 (not an official CPE)
Rubyonrails Rails 3.2.0 Rc1 (not an official CPE)
Rubyonrails Rails 3.1.10 (not an official CPE)
Rubyonrails Rails 3.1.9 (not an official CPE)
Rubyonrails Rails 3.1.6 (not an official CPE)
Rubyonrails Rails 3.1.7 (not an official CPE)
Rubyonrails Rails 3.1.8 (not an official CPE)
Rubyonrails Rails 3.1.5 Rc1 (not an official CPE)
Rubyonrails Rails 3.1.4 (not an official CPE)
Rubyonrails Rails 3.1.4 Rc1 (not an official CPE)
Rubyonrails Rails 3.1.5 (not an official CPE)
Rubyonrails Rails 3.1.3 (not an official CPE)
Rubyonrails Rails 3.1.2 Rc1 (not an official CPE)
Rubyonrails Rails 3.1.2 Rc2 (not an official CPE)
Rubyonrails Rails 3.1.2 (not an official CPE)
Rubyonrails Rails 3.1.1 Rc3 (not an official CPE)
Rubyonrails Rails 3.1.1 Rc2 (not an official CPE)
Rubyonrails Rails 3.1.1 Rc1 (not an official CPE)
Rubyonrails Rails 3.1.1 (not an official CPE)
Rubyonrails Rails 3.1.0 Rc8 (not an official CPE)
Rubyonrails Rails 3.1.0 Rc7 (not an official CPE)
Rubyonrails Rails 3.1.0 Rc6 (not an official CPE)
Rubyonrails Rails 3.1.0 Rc5 (not an official CPE)
Rubyonrails Rails 3.1.0 Rc4 (not an official CPE)
Rubyonrails Rails 3.1.0 Rc3 (not an official CPE)
Rubyonrails Rails 3.1.0 Rc2 (not an official CPE)
Rubyonrails Rails 3.1.0 Rc1 (not an official CPE)
Rubyonrails Rails 3.1.0 Beta1 (not an official CPE)
Rubyonrails Rails 3.1.0 (not an official CPE)
Rubyonrails Rails 3.0.20 (not an official CPE)
Rubyonrails Rails 3.0.19 (not an official CPE)
Rubyonrails Rails 3.0.17 (not an official CPE)
Rubyonrails Rails 3.0.18 (not an official CPE)
Rubyonrails Rails 3.0.16 (not an official CPE)
Rubyonrails Rails 3.0.14 (not an official CPE)
Rubyonrails Rails 3.0.12 (not an official CPE)
Rubyonrails Rails 3.0.12 Rc1 (not an official CPE)
Rubyonrails Rails 3.0.13 (not an official CPE)
Rubyonrails Rails 3.0.13 Rc1 (not an official CPE)
Rubyonrails Rails 3.0.10 Rc1 (not an official CPE)
Rubyonrails Rails 3.0.11 (not an official CPE)
Rubyonrails Rails 3.0.9 Rc5 (not an official CPE)
Rubyonrails Rails 3.0.10 (not an official CPE)
Rubyonrails Rails 3.0.9 Rc4 (not an official CPE)
Rubyonrails Rails 3.0.9 Rc3 (not an official CPE)
Rubyonrails Rails 3.0.9 Rc2 (not an official CPE)
Rubyonrails Rails 3.0.9 Rc1 (not an official CPE)
Rubyonrails Rails 3.0.8 Rc4 (not an official CPE)
Rubyonrails Rails 3.0.9 (not an official CPE)
Rubyonrails Rails 3.0.8 Rc3 (not an official CPE)
Rubyonrails Rails 3.0.8 Rc2 (not an official CPE)
Rubyonrails Rails 3.0.8 (not an official CPE)
Rubyonrails Rails 3.0.8 Rc1 (not an official CPE)
Rubyonrails Rails 3.0.7 Rc1 (not an official CPE)
Rubyonrails Rails 3.0.7 Rc2 (not an official CPE)
Rubyonrails Rails 3.0.6 Rc2 (not an official CPE)
Rubyonrails Rails 3.0.7 (not an official CPE)
Rubyonrails Rails 3.0.6 Rc1 (not an official CPE)
Rubyonrails Rails 3.0.5 Rc1 (not an official CPE)
Rubyonrails Rails 3.0.6 (not an official CPE)
Rubyonrails Rails 3.0.5 (not an official CPE)
Rubyonrails Rails 3.0.4 Rc1 (not an official CPE)
Rubyonrails Rails 3.0.3 (not an official CPE)
Rubyonrails Rails 3.0.2 Pre (not an official CPE)
Rubyonrails Rails 3.0.2 (not an official CPE)
Rubyonrails Rails 3.0.1 Pre (not an official CPE)
Rubyonrails Rails 3.0.1 (not an official CPE)
Rubyonrails Rails 3.0.0 Rc2 (not an official CPE)
Rubyonrails Rails 3.0.0 Rc (not an official CPE)
Rubyonrails Rails 3.0.0 Beta4 (not an official CPE)
Rubyonrails Rails 3.0.0 Beta3 (not an official CPE)
Rubyonrails Rails 3.0.0 Beta2 (not an official CPE)
Rubyonrails Rails 3.0.0 Beta (not an official CPE)
Rubyonrails Rails 3.0.0 (not an official CPE)