CVE-2007-5379 (rails): Moderate severity vulnerability that affects rails

Moderate severity vulnerability that affects rails

Published: October 24, 2017

SEVERITY

CVSS v2.0: 5.0 (Medium)

PATCHED VERSIONS

>= 1.2.5

DESCRIPTION

Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.

https://nvd.nist.gov/vuln/detail/CVE-2007-5379
http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
https://github.com/advisories/GHSA-fjfg-q662-gm6j
http://bugs.gentoo.org/show_bug.cgi?id=195315
http://osvdb.org/40717
http://security.gentoo.org/glsa/glsa-200711-17.xml

RubySec

CVE-2007-5379 (rails): Moderate severity vulnerability that affects rails

Moderate severity vulnerability that affects rails

SECURITY IDENTIFIERS

GEM

FRAMEWORK

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories