Arbitrary File Existence Exposure Affecting actionpack package, versions < 4.1.7.1, >= 4.1; < 4.0.11.1, >= 3.3; < 3.2.21, >= 3.0.0
Snyk CVSS
Attack Complexity: Low
Threat Intelligence
EPSS: 0.53% (77th percentile)
- Snyk ID SNYK-RUBY-ACTIONPACK-20200
- published 16 Nov 2014
- disclosed 16 Nov 2014
- credit Patrick Toomey, Remon Oldenbeuving
Introduced: 16 Nov 2014
CVE-2014-7829
How to fix?
Upgrade actionpack to versions 3.0.0, 3.2.21, 4.0.11.1, 4.0.12, 4.1.7.1, 4.1.8 or higher.
Overview
actionpack is a web app builder and tester on Rails.
Affected versions of this Gem are vulnerable to Arbitrary File Existence Exposure. Specially crafted requests can be used to determine whether a file exists on the file system, outside of the Rails application's root directory. The files will not be served, but attackers can determine whether or not the file exists.
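To check a project against this advisory, the following added example (not Snyk's or the Rails project's code) reads the resolved actionpack version from a Gemfile.lock and tests it against the affected ranges. Grouping the title's version bounds into three ranges is an assumption, and the helper names and sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Affected ranges as read from this advisory's title (lower bound inclusive,
# upper bound exclusive). The grouping into three ranges is an assumption.
AFFECTED_RANGES = [
  Gem::Requirement.new(">= 3.0.0", "< 3.2.21"),
  Gem::Requirement.new(">= 3.3", "< 4.0.11.1"),
  Gem::Requirement.new(">= 4.1", "< 4.1.7.1")
].freeze

# Returns the actionpack version resolved in a Gemfile.lock, or nil.
# Resolved gems sit at four spaces of indent under "specs:"; dependency
# constraints are indented deeper and are skipped by the anchored pattern.
def locked_actionpack_version(lockfile_text)
  match = lockfile_text.match(/^ {4}actionpack \(([^)\s]+)\)\s*$/)
  match && Gem::Version.new(match[1])
end

# Returns :affected, :not_affected or :not_found for a Gemfile.lock body.
def actionpack_status(lockfile_text)
  version = locked_actionpack_version(lockfile_text)
  return :not_found if version.nil?
  AFFECTED_RANGES.any? { |range| range.satisfied_by?(version) } ? :affected : :not_affected
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionmailer (4.1.6)
        actionpack (= 4.1.6)
      actionpack (4.1.6)
        activesupport (= 4.1.6)
      activesupport (4.1.6)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "actionpack #{locked_actionpack_version(text) || 'n/a'}: #{actionpack_status(text)}"
end
```

Pass the path to a Gemfile.lock as the first argument to check a real project; with no argument the script evaluates the constructed sample.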