There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130. The implicit render functionality allows controllers to render a template even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization, which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the Rails application server.
To be vulnerable, an application must specifically use globbing routes in combination with the :action parameter. The purpose of the route globbing feature is to allow parameters to contain characters which would otherwise be regarded as separators, for example '/' and '.'. As these characters have semantic meaning within template filenames, it is highly unlikely that applications are deliberately combining these functions.
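To audit an application for the precondition described above, the following Ruby script flags route definitions whose path globs the :action parameter. It is an added example, not code from the advisory or from Rails; it assumes one route per line written with the standard routing helpers and the `*action` glob syntax, and the sample routes are constructed.

```ruby
# Added example: find routes that glob the :action parameter (CVE-2014-0130 precondition).
# Assumption: one route per line, written with the standard Rails routing helpers.
ROUTE_VERBS = %w[get post put patch delete match].freeze

# Captures the quoted path argument of a route helper call.
ROUTE_LINE = /^\s*(?:#{ROUTE_VERBS.join('|')})\s*\(?\s*(?<q>['"])(?<path>.*?)\k<q>/

# "*action" as a whole glob name; "*actions" or "*action_id" do not count.
ACTION_GLOB = /\*action\b/

# Returns [[line_number, path], ...] for every route whose path globs :action.
def globbed_action_routes(routes_source)
  findings = []
  routes_source.each_line.with_index(1) do |line, lineno|
    m = ROUTE_LINE.match(line)
    next unless m && m[:path] =~ ACTION_GLOB
    findings << [lineno, m[:path]]
  end
  findings
end

# Constructed sample of a config/routes.rb file (not taken from a real application).
SAMPLE_ROUTES = <<~'ROUTES'
  Rails.application.routes.draw do
    get 'pages/*action', controller: 'pages'
    get 'files/*path', to: 'files#show'
    get 'help/:action', controller: 'help'
    # get 'old/*action', controller: 'old'
    match "docs/(*action)", controller: "docs", via: :get
  end
ROUTES

if __FILE__ == $PROGRAM_NAME
  # Pass a routes file as the first argument, or fall back to the sample.
  source = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_ROUTES
  globbed_action_routes(source).each do |lineno, path|
    puts "line #{lineno}: route '#{path}' globs :action"
  end
end
```

Routes that glob other parameters (such as `*path`) or use a non-globbed `:action` segment are not reported, since the advisory ties the issue to the combination of globbing and :action.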
- Apply the patches provided by the vendor or update to the latest version of Rails.