ADVISORIES
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 4.3 (Medium)
UNAFFECTED VERSIONS
- < 3.0.0
PATCHED VERSIONS
- ~> 3.2.20
- ~> 4.0.11
- ~> 4.1.7
- >= 4.2.0.beta3
DESCRIPTION
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application’s root directory. The files will not be served, but attackers can determine whether or not the file exists.