RHSA-2014:0510-01 -- Red Hat ruby193-rubygem-actionpack
ID: oval:org.secpod.oval:def:505978 | Date: (C)2021-03-29 (M)2023-02-20
Class: PATCH | Family: unix
Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. All ruby193-rubygem-actionpack users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Platform: Red Hat Enterprise Linux 6
Product: ruby193-rubygem-actionpack