

Rails Directory Traversal Vulnerability – Amended (CVE-2014-0130) - nfm
https://groups.google.com/forum/#!topic/rubyonrails-security/PyJo7_m-Ehk

======
nfm
This is a follow up from [https://groups.google.com/forum/#!topic/rubyonrails-
security...](https://groups.google.com/forum/#!topic/rubyonrails-
security/NkKc7vTW70o) (HN discussion:
[https://news.ycombinator.com/item?id=7705415](https://news.ycombinator.com/item?id=7705415)).

Additional attack vectors have been discovered, so you may be vulnerable even
without "*action" globbing in your routes. All users are advised to upgrade to
a fixed version or apply the supplied patches.

