

Arbitrary file existence disclosure in Action Pack (CVE-2014-7818) - bensedat
https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo

======
ShaneWilton
Wow, this is trivial to exploit -- I recommend people apply the patches
immediately. You can't leak file contents, but it's otherwise a fairly
standard path traversal attack.

