Vulnerability Details : CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
Vulnerability category: Directory traversal
Threat overview for CVE-2014-0130
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2014-0130: 7
Threat actors abusing this issue? Yes
CVE-2014-0130 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Ruby on Rails Directory Traversal Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2014-0130
Added on: 2022-03-25
Action due date: 2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2014-0130
EPSS score (probability of exploitation activity in the next 30 days): 0.54%
Percentile (the proportion of vulnerabilities that are scored at or below this one): ~77%