Moderate severity vulnerability that affects actionpack
Moderate severity
GitHub Reviewed
Published
Sep 17, 2018
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Withdrawn
This advisory was withdrawn on Jun 16, 2020
Package
Affected versions
< 3.2.20
>= 4.0.0, < 4.0.11
>= 4.1.0, < 4.1.7
Patched versions
3.2.20
4.0.11
4.1.7
Description
Published to the GitHub Advisory Database
Sep 17, 2018
Reviewed
Jun 16, 2020
Withdrawn
Jun 16, 2020
Last updated
Jan 9, 2023
Withdrawn, accidental duplicate publish.
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.
References