Arbitrary file existence disclosure in Action Pack
Specially crafted requests can be used to determine whether a file exists on
the filesystem that is outside the Rails application's root directory. The
files will not be served, but attackers can determine whether or not the file
exists. This vulnerability is very similar to CVE-2014-7818, but the
specially crafted string is slightly different.
Am I vulnerable?
The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.
Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.Sign up for monitoring
Affected package information
|Package||Patched in||Unaffected in|