VDB

GCVE-110-MAGEIA-2014-303

GCVE-110-MAGEIA-2014-303
Advisory Published
Vulnetix · Advisory published July 26, 2014
Updated ruby-actionpack and ruby-activerecord packages fix security vulnerabilities: Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 4.0.5, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request (CVE-2014-0130). PostgreSQL supports a number of unique data types which are not present in other supported databases. A bug in the SQL quoting code in ActiveRecord in Ruby on Rails before 4.0.7 can allow an attacker to inject arbitrary SQL using carefully crafted values (CVE-2014-3483). The associated Ruby on Rails packages have been updated to version 4.0.8, to address these and other issues.

Affected Products

VendorProductVersionsPlatforms
Mageiaruby-actionmailer4.0.8-1.mga4 (unaffected), 0 (affected)
Mageiaruby-activemodel4.0.8-1.mga4 (unaffected), 0 (affected)
Mageiaruby-rails0 (affected), 4.0.8-1.mga4 (unaffected)
Mageiaruby-actionpack0 (affected), 4.0.8-1.mga4 (unaffected)
Mageiaruby-railties0 (affected), 4.0.8-1.mga4 (unaffected)
Mageiaruby-activerecord0 (affected), 4.0.8-1.mga4 (unaffected)
Mageiaruby-activesupport0 (affected), 4.0.8-1.mga4 (unaffected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›