2014-11-19 00:59:03 2019-08-08 17:43:52

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Rubyonrails Ruby on rails 4.0.11 (not an official CPE) Rubyonrails Ruby on rails 3.2.19 (not an official CPE) Rubyonrails Ruby on rails 3.2.20 (not an official CPE) Rubyonrails Rails 4.2.0 Beta3 (not an official CPE) Ruby on Rails 3.0.4 Rubyonrails Rails 4.1.7 (not an official CPE) Rubyonrails Rails 4.2.0 Beta1 (not an official CPE) Rubyonrails Rails 4.2.0 Beta2 (not an official CPE) Rubyonrails Rails 4.1.6 Rc1 (not an official CPE) Rubyonrails Rails 4.1.6 (not an official CPE) Rubyonrails Rails 4.1.4 (not an official CPE) Rubyonrails Rails 4.1.5 (not an official CPE) Rubyonrails Rails 4.1.2 Rc3 (not an official CPE) Rubyonrails Rails 4.1.3 (not an official CPE) Rubyonrails Rails 4.1.2 Rc2 (not an official CPE) Rubyonrails Rails 4.1.2 (not an official CPE) Rubyonrails Rails 4.1.2 Rc1 (not an official CPE) Rubyonrails Rails 4.1.1 (not an official CPE) Rubyonrails Rails 4.0.10 (not an official CPE) Rubyonrails Rails 4.0.10 Rc1 (not an official CPE) Rubyonrails Rails 4.1.0 - (not an official CPE) Rubyonrails Rails 4.1.0 Beta1 (not an official CPE) Rubyonrails Rails 4.0.9 (not an official CPE) Rubyonrails Rails 4.0.7 (not an official CPE) Rubyonrails Rails 4.0.8 (not an official CPE) Rubyonrails Rails 4.0.6 Rc1 (not an official CPE) Rubyonrails Rails 4.0.6 Rc2 (not an official CPE) Rubyonrails Rails 4.0.6 Rc3 (not an official CPE) Rubyonrails Rails 4.0.5 (not an official CPE) Rubyonrails Rails 4.0.6 (not an official CPE) Rubyonrails Rails 4.0.2 (not an official CPE) Rubyonrails Rails 4.0.3 (not an official CPE) Rubyonrails Rails 4.0.4 (not an official CPE) Rubyonrails Rails 4.0.1 Rc1 (not an official CPE) Rubyonrails Rails 4.0.1 Rc2 (not an official CPE) Rubyonrails Rails 4.0.1 Rc3 (not an official CPE) Rubyonrails Rails 4.0.1 Rc4 (not an official CPE) Rubyonrails Rails 4.0.1 - (not an official CPE) Rubyonrails Rails 4.0.0 - (not an official CPE) Rubyonrails Rails 4.0.0 Beta (not an official CPE) Rubyonrails Rails 4.0.0 Rc1 (not an official CPE) Rubyonrails Rails 4.0.0 
Rc2 (not an official CPE) Rubyonrails Rails 3.2.18 (not an official CPE) Rubyonrails Rails 3.2.17 (not an official CPE) Rubyonrails Rails 3.2.16 (not an official CPE) Rubyonrails Rails 3.2.12 (not an official CPE) Rubyonrails Rails 3.2.13 Rc1 (not an official CPE) Rubyonrails Rails 3.2.13 Rc2 (not an official CPE) Rubyonrails Rails 3.2.15 Rc3 (not an official CPE) Rubyonrails Rails 3.2.11 (not an official CPE) Rubyonrails Rails 3.2.6 (not an official CPE) Rubyonrails Rails 3.2.7 (not an official CPE) Rubyonrails Rails 3.2.8 (not an official CPE) Rubyonrails Rails 3.2.10 (not an official CPE) Rubyonrails Rails 3.2.4 (not an official CPE) Rubyonrails Rails 3.2.4 Rc1 (not an official CPE) Rubyonrails Rails 3.2.5 (not an official CPE) Rubyonrails Rails 3.2.3 Rc1 (not an official CPE) Rubyonrails Rails 3.2.3 Rc2 (not an official CPE) Rubyonrails Rails 3.2.2 Rc1 (not an official CPE) Rubyonrails Rails 3.2.3 (not an official CPE) Rubyonrails Rails 3.2.2 (not an official CPE) Rubyonrails Rails 3.2.1 (not an official CPE) Rubyonrails Rails 3.2.0 Rc2 (not an official CPE) Rubyonrails Rails 3.2.0 (not an official CPE) Rubyonrails Rails 3.2.0 Rc1 (not an official CPE) Rubyonrails Rails 3.1.10 (not an official CPE) Rubyonrails Rails 3.1.9 (not an official CPE) Rubyonrails Rails 3.1.8 (not an official CPE) Rubyonrails Rails 3.1.7 (not an official CPE) Rubyonrails Rails 3.1.5 Rc1 (not an official CPE) Rubyonrails Rails 3.1.6 (not an official CPE) Rubyonrails Rails 3.1.5 (not an official CPE) Rubyonrails Rails 3.1.4 Rc1 (not an official CPE) Rubyonrails Rails 3.1.4 (not an official CPE) Rubyonrails Rails 3.1.3 (not an official CPE) Rubyonrails Rails 3.1.2 Rc2 (not an official CPE) Rubyonrails Rails 3.1.2 Rc1 (not an official CPE) Rubyonrails Rails 3.1.2 (not an official CPE) Rubyonrails Rails 3.1.1 Rc3 (not an official CPE) Rubyonrails Rails 3.1.1 Rc2 (not an official CPE) Rubyonrails Rails 3.1.1 Rc1 (not an official CPE) Rubyonrails Rails 3.1.0 Rc6 (not an official CPE) 
Rubyonrails Rails 3.1.0 Rc7 (not an official CPE) Rubyonrails Rails 3.1.0 Rc8 (not an official CPE) Rubyonrails Rails 3.1.1 (not an official CPE) Rubyonrails Rails 3.1.0 Rc5 (not an official CPE) Rubyonrails Rails 3.1.0 Rc4 (not an official CPE) Rubyonrails Rails 3.1.0 Rc3 (not an official CPE) Rubyonrails Rails 3.1.0 Rc1 (not an official CPE) Rubyonrails Rails 3.1.0 Rc2 (not an official CPE) Rubyonrails Rails 3.1.0 (not an official CPE) Rubyonrails Rails 3.1.0 Beta1 (not an official CPE) Rubyonrails Rails 3.0.20 (not an official CPE) Rubyonrails Rails 3.0.19 (not an official CPE) Rubyonrails Rails 3.0.18 (not an official CPE) Rubyonrails Rails 3.0.17 (not an official CPE) Rubyonrails Rails 3.0.16 (not an official CPE) Rubyonrails Rails 3.0.14 (not an official CPE) Rubyonrails Rails 3.0.13 Rc1 (not an official CPE) Rubyonrails Rails 3.0.13 (not an official CPE) Rubyonrails Rails 3.0.12 Rc1 (not an official CPE) Rubyonrails Rails 3.0.11 (not an official CPE) Rubyonrails Rails 3.0.12 (not an official CPE) Rubyonrails Rails 3.0.10 Rc1 (not an official CPE) Rubyonrails Rails 3.0.9 Rc5 (not an official CPE) Rubyonrails Rails 3.0.10 (not an official CPE) Rubyonrails Rails 3.0.9 Rc4 (not an official CPE) Rubyonrails Rails 3.0.9 Rc3 (not an official CPE) Rubyonrails Rails 3.0.9 Rc1 (not an official CPE) Rubyonrails Rails 3.0.9 Rc2 (not an official CPE) Rubyonrails Rails 3.0.9 (not an official CPE) Rubyonrails Rails 3.0.8 Rc3 (not an official CPE) Rubyonrails Rails 3.0.8 Rc4 (not an official CPE) Rubyonrails Rails 3.0.8 Rc2 (not an official CPE) Rubyonrails Rails 3.0.8 Rc1 (not an official CPE) Rubyonrails Rails 3.0.8 (not an official CPE) Rubyonrails Rails 3.0.7 Rc1 (not an official CPE) Rubyonrails Rails 3.0.7 Rc2 (not an official CPE) Rubyonrails Rails 3.0.7 (not an official CPE) Rubyonrails Rails 3.0.6 Rc2 (not an official CPE) Rubyonrails Rails 3.0.6 Rc1 (not an official CPE) Rubyonrails Rails 3.0.6 (not an official CPE) Rubyonrails Rails 3.0.5 (not an official CPE) 
Rubyonrails Rails 3.0.5 Rc1 (not an official CPE) Rubyonrails Rails 3.0.3 (not an official CPE) Rubyonrails Rails 3.0.4 Rc1 (not an official CPE) Rubyonrails Rails 3.0.2 (not an official CPE) Rubyonrails Rails 3.0.2 Pre (not an official CPE) Rubyonrails Rails 3.0.1 (not an official CPE) Rubyonrails Rails 3.0.1 Pre (not an official CPE) Rubyonrails Rails 3.0.0 Rc (not an official CPE) Rubyonrails Rails 3.0.0 Rc2 (not an official CPE) Rubyonrails Rails 3.0.0 Beta4 (not an official CPE) Rubyonrails Rails 3.0.0 Beta3 (not an official CPE) Rubyonrails Rails 3.0.0 Beta2 (not an official CPE) Rubyonrails Rails 3.0.0 Beta (not an official CPE) Rubyonrails Rails 3.0.0 (not an official CPE)