Rails Directory Traversal Vulnerability – Amended (CVE-2014-0130) (groups.google.com) 5 points by nfm 12y ago ↗ HN
[–] nfm 12y ago ↗ This is a follow up from https://groups.google.com/forum/#!topic/rubyonrails-security... (HN discussion: https://news.ycombinator.com/item?id=7705415).Additional attack vectors have been discovered, so you may be vulnerable even without "*action" globbing in your routes. All users are advised to upgrade to a fixed version or apply the supplied patches.
1 comment
[ 1.8 ms ] story [ 10.9 ms ] threadAdditional attack vectors have been discovered, so you may be vulnerable even without "*action" globbing in your routes. All users are advised to upgrade to a fixed version or apply the supplied patches.