Description
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
Remediation
References
Related Vulnerabilities
WordPress Plugin S3 Video Cross-Site Scripting (0.982)
PHP Uncontrolled Resource Consumption Vulnerability (CVE-2011-3336)
Microsoft SQL Server CVE-2023-29349 Vulnerability (CVE-2023-29349)
WordPress Plugin Fuctweb CapCC 'plugins.php' SQL Injection (1.0)
WordPress Plugin Email newsletter Cross-Site Scripting (20.13.6)