Description
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
Remediation
References
Related Vulnerabilities
MediaWiki Other Vulnerability (CVE-2005-3166)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0813)
WebLogic CVE-2020-2766 Vulnerability (CVE-2020-2766)
Oracle Database Server CVE-2011-2240 Vulnerability (CVE-2011-2240)
WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.2.2)