Spree Content Controller Unspecified Arbitrary File Disclosure
Published: April 19, 2011
SECURITY IDENTIFIERS
- OSVDB: OSVDB-73751
- Vendor Advisory: https://web.archive.org/web/20160331142302/https://spreecommerce.com/blog/security-fixes
GEM
PATCHED VERSIONS
>= 0.50.1
DESCRIPTION
Spree Gem for Ruby would allow a user to request a specially crafted URL and expose arbitrary files on the server