4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.4%
Specially crafted requests can be used to determine whether a file exists on
the filesystem that is outside the Rails application’s root directory. The
files will not be served, but attackers can determine whether or not the file
exists. This vulnerability is very similar to CVE-2014-7818, but the
specially crafted string is slightly different.
CPE | Name | Operator | Version |
---|---|---|---|
actionpack | lt | 3.0.0 | |
actionpack | le | 3.2.20 | |
actionpack | ge | 3.3.0 | |
actionpack | le | 4.0.11.0 | |
actionpack | ge | 4.0.12.0 | |
actionpack | le | 4.0.11 | |
actionpack | ge | 4.1.0 | |
actionpack | le | 4.1.7.0 | |
actionpack | ge | 4.1.8.0 | |
actionpack | lt | 4.1.8 |