Summary: | <dev-ruby/rails-{3.2.18,4.0.5,4.1.1}: Directory Traversal Vulnerability With Certain Route Configurations (CVE-2014-0130) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | ruby |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Hans de Graaff
2014-05-06 18:00:59 UTC
Rails 3.2.18, 4.0.5, and 4.1.1 are now in the tree.

Upstream amended the advisory: "An earlier version of this advisory incorrectly assumed that the only way to trigger this vulnerability was with routes containing '*action'. There are additional attack vectors and as a result *all* users are advised to upgrade to a fixed version as soon as possible."

Vulnerable versions have been removed.

Maintainer(s), Thank you for cleanup!

No GLSA needed as there are no stable versions.