CVEs-PoC/2014/CVE-2014-0130.md

### [CVE-2014-0130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

### POC

#### Reference
- https://hackerone.com/reports/3370

#### Github
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/bibin-paul-trustme/ruby_repo
- https://github.com/jasnow/585-652-ruby-advisory-db
- https://github.com/omarkurt/cve-2014-0130
- https://github.com/rubysec/ruby-advisory-db
- https://github.com/wrbejar/fake_ruby
- https://github.com/xthk/fake-vulnerabilities-ruby-bundler
- https://github.com/zhangyongbo100/-Ruby-dl-handle.c-CVE-2009-5147-