RubySec

Providing security resources for the Ruby community

OSVDB-73751 (spree): Spree Content Controller Unspecified Arbitrary File Disclosure

ADVISORIES

GEM

spree

PATCHED VERSIONS

  • >= 0.50.1

DESCRIPTION

Spree Gem for Ruby would allow a user to request a specially crafted URL and expose arbitrary files on the server

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories