GHSA-h56m-vwxc-3qpw

Source

https://github.com/advisories/GHSA-h56m-vwxc-3qpw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-h56m-vwxc-3qpw/GHSA-h56m-vwxc-3qpw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-h56m-vwxc-3qpw

Aliases

CVE-2014-7829

Published

2017-10-24T18:33:36Z

Modified

2023-11-01T04:45:46.316912Z

Summary

Directory traversal vulnerability in actionpack

Details

Directory traversal vulnerability in actionpack/lib/actiondispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when servestatic_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.

References

Affected packages

RubyGems / actionpack

Package

Name: actionpack
Purl: pkg:gem/actionpack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.8

Affected versions

4.*

4.1.0

4.1.1

4.1.2.rc1

4.1.2.rc2

4.1.2.rc3

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6.rc1

4.1.6.rc2

4.1.6

4.1.7

4.1.7.1

RubyGems / actionpack

Package

Name: actionpack
Purl: pkg:gem/actionpack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.2.21

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4.rc1

3.0.4

3.0.5.rc1

3.0.5

3.0.6.rc1

3.0.6.rc2

3.0.6

3.0.7.rc1

3.0.7.rc2

3.0.7

3.0.8.rc1

3.0.8.rc2

3.0.8.rc4

3.0.8

3.0.9.rc1

3.0.9.rc3

3.0.9.rc4

3.0.9.rc5

3.0.9

3.0.10.rc1

3.0.10

3.0.11

3.0.12.rc1

3.0.12

3.0.13.rc1

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.19

3.0.20

3.1.0.beta1

3.1.0.rc1

3.1.0.rc2

3.1.0.rc3

3.1.0.rc4

3.1.0.rc5

3.1.0.rc6

3.1.0.rc8

3.1.0

3.1.1.rc1

3.1.1.rc2

3.1.1.rc3

3.1.1

3.1.2.rc1

3.1.2.rc2

3.1.2

3.1.3

3.1.4.rc1

3.1.4

3.1.5.rc1

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.1.10

3.1.11

3.1.12

3.2.0.rc1

3.2.0.rc2

3.2.0

3.2.1

3.2.2.rc1

3.2.2

3.2.3.rc1

3.2.3.rc2

3.2.3

3.2.4.rc1

3.2.4

3.2.5

3.2.6

3.2.7.rc1

3.2.7

3.2.8.rc1

3.2.8.rc2

3.2.8

3.2.9.rc1

3.2.9.rc2

3.2.9.rc3

3.2.9

3.2.10

3.2.11

3.2.12

3.2.13.rc1

3.2.13.rc2

3.2.13

3.2.14.rc1

3.2.14.rc2

3.2.14

3.2.15.rc1

3.2.15.rc2

3.2.15.rc3

3.2.15

3.2.16

3.2.17

3.2.18

3.2.19

3.2.20

RubyGems / actionpack

Package

Name: actionpack
Purl: pkg:gem/actionpack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.12

Affected versions

4.*

4.0.0

4.0.1.rc1

4.0.1.rc2

4.0.1.rc3

4.0.1.rc4

4.0.1

4.0.2

4.0.3

4.0.4.rc1

4.0.4

4.0.5

4.0.6.rc1

4.0.6.rc2

4.0.6.rc3

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10.rc1

4.0.10.rc2

4.0.10

4.0.11

4.0.11.1

RubyGems / actionpack

Package

Name: actionpack
Purl: pkg:gem/actionpack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0.beta1

Fixed

4.2.0.beta4

Affected versions

4.*

4.2.0.beta1

4.2.0.beta2

4.2.0.beta3