Moderate severity vulnerability that affects actionview
Moderate severity
GitHub Reviewed
Published
Sep 17, 2018
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Withdrawn
This advisory was withdrawn on Jun 16, 2020
Package
Affected versions
>= 4.1.0, <= 4.1.14.0
>= 4.2.0, <= 4.2.5.0
Patched versions
4.1.14.1
4.2.5.1
Description
Published to the GitHub Advisory Database
Sep 17, 2018
Reviewed
Jun 16, 2020
Withdrawn
Jun 16, 2020
Last updated
Jan 9, 2023
Withdrawn, accidental duplicate publish.
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
References