VDB
GCVE-110-MAGEIA-2014-303
GCVE-110-MAGEIA-2014-303
Advisory Published
Updated ruby-actionpack and ruby-activerecord packages fix security
vulnerabilities:
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb
in the implicit-render implementation in Ruby on Rails before 4.0.5, when
certain route globbing configurations are enabled, allows remote attackers to
read arbitrary files via a crafted request (CVE-2014-0130).
PostgreSQL supports a number of unique data types which are not present in
other supported databases. A bug in the SQL quoting code in ActiveRecord in
Ruby on Rails before 4.0.7 can allow an attacker to inject arbitrary SQL using
carefully crafted values (CVE-2014-3483).
The associated Ruby on Rails packages have been updated to version 4.0.8, to
address these and other issues.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ruby-actionmailer | 4.0.8-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | ruby-activemodel | 4.0.8-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | ruby-rails | 0 (affected), 4.0.8-1.mga4 (unaffected) | — |
| Mageia | ruby-actionpack | 0 (affected), 4.0.8-1.mga4 (unaffected) | — |
| Mageia | ruby-railties | 0 (affected), 4.0.8-1.mga4 (unaffected) | — |
| Mageia | ruby-activerecord | 0 (affected), 4.0.8-1.mga4 (unaffected) | — |
| Mageia | ruby-activesupport | 0 (affected), 4.0.8-1.mga4 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.