Hacker Newsnew | comments | show | ask | jobs | submit login
Rails Directory Traversal Vulnerability – Amended (CVE-2014-0130) (groups.google.com)
5 points by nfm 447 days ago | 1 comment



This is a follow up from https://groups.google.com/forum/#!topic/rubyonrails-security... (HN discussion: https://news.ycombinator.com/item?id=7705415).

Additional attack vectors have been discovered, so you may be vulnerable even without "*action" globbing in your routes. All users are advised to upgrade to a fixed version or apply the supplied patches.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: