CVE-2014-125033

LOW

Rails-cv-app < 2014-11-16 - Path Traversal

Title source: rule

Description

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability.

References (3)

[Third Party Advisory] https://vuldb.com/?id.217178

[Third Party Advisory] https://vuldb.com/?ctiid.217178

[Patch, Third Party Advisory] https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863

Scores

CVSS v3 3.5

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-22 CWE-24

Status published

Products (1)

rails-cv-app_project/rails-cv-app < 2014-11-16

Published Jan 02, 2023

Tracked Since Feb 18, 2026