CVE-2014-0130
Published 2014-05-07
CVE-2014-0130: Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x…
Priority: P1 · 83 · high · CVSS 3.1 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
KEV · ITW
CISA Known Exploited Vulnerability, due 2022-04-15
Exploited in the wild
EPSS: 53.70% (98.9th percentile)
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| actionpack_project | actionpack | >= 3.0.0 < 3.2.18 | 3.2.18 |
| actionpack_project | actionpack | >= 4.0.0 < 4.0.5 | 4.0.5 |
| actionpack_project | actionpack | >= 4.1.0 < 4.1.1 | 4.1.1 |
| redhat | enterprise_linux_server | — | — |
| redhat | subscription_asset_manager | <= 1.3.0 | — |
| rubyonrails | rails | < 3.2.18 | 3.2.18 |
| rubyonrails | rails | >= 0 < 2:4.2.6-1 | 2:4.2.6-1 |
| rubyonrails | rails | >= 0 < 2:4.2.10-0ubuntu4 | 2:4.2.10-0ubuntu4 |
| rubyonrails | rails | >= 4.0.0 < 4.0.5 | 4.0.5 |
| rubyonrails | rails | >= 4.1.0 < 4.1.1 | 4.1.1 |
Detection & IOCs (extracted from sources)
- Vulnerability exists in actionpack/lib/abstract_controller/base.rb: the implicit-render implementation fails to sanitize route wildcard/glob parameters, allowing directory traversal via crafted HTTP requests when route globbing is enabled.
- Attack vector is a specially crafted HTTP request exploiting wildcard route segments (e.g. '*action' or similar glob patterns) to traverse directories and read arbitrary files from the Rails application server.
- An earlier, narrower understanding of the attack surface was '*action' route globs only; the full scope includes additional attack vectors beyond routes containing '*action', so all route glob configurations should be treated as potentially vulnerable.
- The implicit render functionality is the specific Rails code path to monitor/block; it renders templates without an explicit action and without adequate input sanitization of the route parameter.
- The vulnerability is only triggerable when route globbing configurations are enabled in the Rails application. Applications without wildcard/glob route segments are at reduced (but not zero, per the updated advisory) risk.
- There are no feasible workarounds; the only reliable mitigation is upgrading to a fixed version (3.2.18, 4.0.5, or 4.1.1). A partial workaround requiring explicit actions and path checks is application-specific and may not be suitable for all apps.
- Several Red Hat products (ruby193-rubygem-actionpack on OpenShift Enterprise 1, Red Hat OpenStack Platform 3 and 4) are marked 'Will not fix', meaning patched packages may not be available for those platforms.
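Added example (not part of this record or of the Rails project): a Ruby audit helper that applies the affected ranges from the table above to the actionpack version pinned in a Gemfile.lock and flags glob (wildcard) route segments in routes.rb, the precondition the advisory names. The Gemfile.lock and routes.rb contents are constructed samples; the function names are the example's own.

```ruby
require "rubygems"  # Gem::Version gives correct ordering (4.0.10 > 4.0.5, unlike strings)

# Affected ranges as given for CVE-2014-0130: lower bound inclusive, upper bound
# (the fixed release) exclusive. Everything below 3.2.18 is listed as affected.
AFFECTED_RANGES = [
  ["0",     "3.2.18"],
  ["4.0.0", "4.0.5"],
  ["4.1.0", "4.1.1"],
].map { |lo, hi| [Gem::Version.new(lo), Gem::Version.new(hi)] }

# Version of actionpack pinned in Gemfile.lock (the 4-space "specs:" entry, not a
# 6-space dependency line such as "      actionpack (= 4.0.4)"), or nil if absent.
def actionpack_version(lockfile_text)
  m = lockfile_text.match(/^ {4}actionpack \(([^)]+)\)\s*$/)
  m && m[1]
end

# Fixed release for the branch the version falls in, or nil when not affected.
def fixed_version_for(version_string)
  v = Gem::Version.new(version_string)
  range = AFFECTED_RANGES.find { |lo, hi| v >= lo && v < hi }
  range && range[1].to_s
end

def affected_version?(version_string)
  !fixed_version_for(version_string).nil?
end

# [line_number, source] for every route declaring a glob segment such as
# 'docs/*action' or '/files/*filename'; whole-line comments are ignored.
def glob_routes(routes_text)
  routes_text.each_line.with_index(1).each_with_object([]) do |(line, n), found|
    next if line =~ /\A\s*#/                  # commented-out route
    found << [n, line.strip] if line =~ /['"][^'"]*\*[A-Za-z_]\w*/
  end
end

# Combine both checks into one verdict. Per the updated advisory every affected
# version should be upgraded; glob routes only raise the urgency.
def audit(lockfile_text, routes_text)
  version = actionpack_version(lockfile_text)
  globs = glob_routes(routes_text)
  fixed = version && fixed_version_for(version)
  priority = if fixed.nil? then "ok"
             elsif globs.empty? then "upgrade"
             else "upgrade-now"
             end
  { version: version, fixed_in: fixed, glob_routes: globs, priority: priority }
end

# Constructed sample inputs (not real application files).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.0.4)
        activesupport (= 4.0.4)
      activesupport (4.0.4)
LOCK
SAMPLE_ROUTES = <<~ROUTES
  Rails.application.routes.draw do
    resources :posts
    get 'docs/*action', to: 'docs#show'   # glob segment named in the advisory
    # get '*path', to: 'pages#catch_all'  # commented out, must not be reported
  end
ROUTES

p audit(SAMPLE_LOCK, SAMPLE_ROUTES) if __FILE__ == $PROGRAM_NAME
```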
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vulncheck | — | 7.5 | HIGH | — |
| cisa | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
CISA
Ruby on Rails Directory Traversal Vulnerability
cisa·2022-03-25·CVSS 7.5
CVE-2014-0130 [HIGH] CWE-22 Ruby on Rails Directory Traversal Vulnerability
Vulnerability: Ruby on Rails Directory Traversal Vulnerability
Affected: Rails Ruby on Rails
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2014-0130
Remediation Due Date: 2022-04-15
Red Hat
rubygem-actionpack: directory traversal issue
vendor_redhat·2014-05-06·CVSS 7.5
CVE-2014-0130 [HIGH] CWE-22 rubygem-actionpack: directory traversal issue
rubygem-actionpack: directory traversal issue
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.
Package: ruby193-rubygem-actionpack (OpenShift Enterprise 1) - Will not fix
Package: ruby193-rubygem-actionpack (Red Hat OpenSt
OSV
actionpack Path Traversal vulnerability
osv·2017-10-24
CVE-2014-0130 [HIGH] actionpack Path Traversal vulnerability
actionpack Path Traversal vulnerability
Directory traversal vulnerability in `actionpack/lib/abstract_controller/base.rb` in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
GHSA
actionpack Path Traversal vulnerability
ghsa·2017-10-24
CVE-2014-0130 [HIGH] CWE-22 actionpack Path Traversal vulnerability
actionpack Path Traversal vulnerability
Directory traversal vulnerability in `actionpack/lib/abstract_controller/base.rb` in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
OSV
CVE-2014-0130: Directory traversal vulnerability in actionpack/lib/abstract_controller/base
osv·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130: Directory traversal vulnerability in actionpack/lib/abstract_controller/base
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
VulnCheck
Ruby on Rails Directory Traversal Vulnerability
vulncheck·2014·CVSS 7.5
CVE-2014-0130 [HIGH] CWE-22 Ruby on Rails Directory Traversal Vulnerability
Ruby on Rails Directory Traversal Vulnerability
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Affected: Rails Ruby on Rails
Required Action: Apply updates per vendor instructions.
Exploitation References: https://blog.checkpoint.com/security/december-2021s-most-wanted-malware-trickbot-emotet-and-the-log4j-plague/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://blog.checkpoint.com/security/april-2022s-most-wanted-malware-a-shake-up-in-the-index-but-emotet-is-still-on-top/; https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-decline
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0130 rubygem-activesupport: Ruby on Rails: directory traversal issue [fedora-all]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-activesupport: Ruby on Rails: directory traversal issue [fedora-all]
CVE-2014-0130 rubygem-activesupport: Ruby on Rails: directory traversal issue [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affe
Bugzilla
CVE-2014-0130 rubygem-activeresource: Ruby on Rails: directory traversal issue [fedora-all]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-activeresource: Ruby on Rails: directory traversal issue [fedora-all]
CVE-2014-0130 rubygem-activeresource: Ruby on Rails: directory traversal issue [fedora-all]
Bugzilla
CVE-2014-0130 rubygem-actionpack: directory traversal issue
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-actionpack: directory traversal issue
CVE-2014-0130 rubygem-actionpack: directory traversal issue
The following Ruby on Rails issue was reported[1]:
""
An earlier version of this advisory incorrectly assumed that the only way
to trigger this vulnerability was with routes containing '*action'. There
are additional attack vectors and as a result *all* users are advised to
upgrade to a fixed version as soon as possible.
There is a vulnerability in the 'implicit render' functionality in Ruby on
Rails. This vulnerability has been assigned the CVE identifier
CVE-2014-0130.
Versions Affected: All Supported
Not affected: None
Fixed Versions: 4.1.1, 4.0.5, 3.2.18
Impact
The implicit render functionality allows controllers to render a template,
even if there is no explicit action with the corresponding name. This
module does not pe
Bugzilla
CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [fedora-all]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [fedora-all]
CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [fedora-all]
Bugzilla
CVE-2014-0130 rubygem-activerecord: Ruby on Rails: directory traversal issue [epel-5]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-activerecord: Ruby on Rails: directory traversal issue [epel-5]
CVE-2014-0130 rubygem-activerecord: Ruby on Rails: directory traversal issue [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking bug f
Bugzilla
CVE-2014-0130 rubygem-activemodel: Ruby on Rails: directory traversal issue [fedora-all]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-activemodel: Ruby on Rails: directory traversal issue [fedora-all]
CVE-2014-0130 rubygem-activemodel: Ruby on Rails: directory traversal issue [fedora-all]
Bugzilla
CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [epel-5]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [epel-5]
CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [epel-5]
Bugzilla
CVE-2014-0130 rubygem-activeresource: Ruby on Rails: directory traversal issue [epel-5]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-activeresource: Ruby on Rails: directory traversal issue [epel-5]
CVE-2014-0130 rubygem-activeresource: Ruby on Rails: directory traversal issue [epel-5]
Bugzilla
CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [epel-all]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [epel-all]
CVE-2014-0130 rubygem-actionpack: Ruby on Rails: directory traversal issue [epel-all]
Bugzilla
CVE-2014-0130 rubygem-railties: Ruby on Rails: directory traversal issue [fedora-all]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-railties: Ruby on Rails: directory traversal issue [fedora-all]
CVE-2014-0130 rubygem-railties: Ruby on Rails: directory traversal issue [fedora-all]
Bugzilla
CVE-2014-0130 rubygem-rails: Ruby on Rails: directory traversal issue [epel-5]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-rails: Ruby on Rails: directory traversal issue [epel-5]
CVE-2014-0130 rubygem-rails: Ruby on Rails: directory traversal issue [epel-5]
Bugzilla
CVE-2014-0130 rubygem-actionmailer: Ruby on Rails: directory traversal issue [epel-5]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-actionmailer: Ruby on Rails: directory traversal issue [epel-5]
CVE-2014-0130 rubygem-actionmailer: Ruby on Rails: directory traversal issue [epel-5]
Bugzilla
CVE-2014-0130 rubygem-rails: Ruby on Rails: directory traversal issue [fedora-all]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-rails: Ruby on Rails: directory traversal issue [fedora-all]
CVE-2014-0130 rubygem-rails: Ruby on Rails: directory traversal issue [fedora-all]
Bugzilla
CVE-2014-0130 rubygem-actionmailer: Ruby on Rails: directory traversal issue [fedora-all]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-actionmailer: Ruby on Rails: directory traversal issue [fedora-all]
CVE-2014-0130 rubygem-actionmailer: Ruby on Rails: directory traversal issue [fedora-all]
Bugzilla
CVE-2014-0130 rubygem-activerecord: Ruby on Rails: directory traversal issue [fedora-all]
bugzilla·2014-05-07·CVSS 7.5
CVE-2014-0130 [HIGH] CVE-2014-0130 rubygem-activerecord: Ruby on Rails: directory traversal issue [fedora-all]
CVE-2014-0130 rubygem-activerecord: Ruby on Rails: directory traversal issue [fedora-all]
References
- http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
- http://rhn.redhat.com/errata/RHSA-2014-1863.html
- http://www.securityfocus.com/bid/67244
- https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130
Timeline
- 2014-05-07: Published
- 2022-03-25: Added to CISA KEV
- Exploited in the wild