CVE-2014-0130
Ruby on Rails Directory Traversal Vulnerability
CVSS
—
No CVSS
EPSS
53.7%
p99
KEV
YES
Mar 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
53.7%EPSS · 30 days53.7%
2026-06-302026-07-16
Product
Rails / Ruby on Rails
Vulnerability
Ruby on Rails Directory Traversal Vulnerability
Added to KEV
Mar 25, 2022
Remediate by
Apr 15, 2022
Known ransomware use
No
Summary description
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-0130