Headline
CVE-2014-125033: HOTFIX : Another vulnerability picked up by Brakeman · bertrand-caron/rails-cv-app@0d20362
A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input …/…/…/etc/passwd leads to path traversal: '…/filedir'. The exploit has been disclosed to the public and may be used. The name of the patch is 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability.
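As an added example (not code from rails-cv-app), the following Ruby contrasts the patch's "keep the last '/'-separated part" approach with a hardened check that confines an uploaded file name to a fixed upload directory; the directory and file names are constructed for illustration.

```ruby
# Added example, not code from rails-cv-app. UPLOAD_DIR is a hypothetical
# upload root; the file names fed to these functions are constructed.
UPLOAD_DIR = '/srv/app/uploads'

# Same idea as the patch: keep only the last '/'-separated component.
def patched_name(name)
  name.split(%r{/})[-1]
end

# Hardened variant. Returns the absolute path to write, or nil to reject.
def safe_upload_path(name, dir = UPLOAD_DIR)
  name = name.to_s
  # NUL bytes make Ruby's path functions raise; reject them up front.
  return nil if name.include?("\0")
  # Treat backslashes as separators too, so "..\\x" does not survive as a name.
  base = File.basename(name.tr('\\', '/'))
  # A lone "." or ".." has no directory part to strip, so reject it explicitly.
  return nil if base.empty? || base == '.' || base == '..'
  root = File.absolute_path(dir)
  # absolute_path (unlike expand_path) does not expand "~user" names.
  full = File.absolute_path(base, root)
  # Defence in depth: the resolved path must still sit under the upload root.
  full.start_with?(root + File::SEPARATOR) ? full : nil
end
```

Note that `patched_name('..')` returns `'..'` unchanged, which is why the hardened version rejects dot-only names and re-checks the resolved path before any `File.open`.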
@@ -39,6 +39,11 @@ def create
@uploaded_file.name.gsub!(/ /, '-')
# Then write to file
# WARNING : File.open is definitely vulnerable to Path Traversal Attacks
# (https://www.owasp.org/index.php/Path_Traversal)
# The following line should take care of it, by only taking the past part of the path (aka filename)
@uploaded_file.name = @uploaded_file.name.split(/\//)[-1]
File.open(@uploaded_file.absolute_path, ‘wb’) do |file|
file.write(uploaded_io.read)
end
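Review bot: the sanitisation on the `@uploaded_file.name = @uploaded_file.name.split(/\//)[-1]` line only removes '/'-separated directory components, so a name consisting of `..` (or one using backslash separators) reaches `File.open(@uploaded_file.absolute_path, 'wb')` unchanged; if `absolute_path` joins the name onto the upload directory, the write can still resolve outside it. Suggest using `File.basename`, rejecting empty, `.` and `..` names, and verifying that the resolved path starts with the upload directory before opening the file. The comment "only taking the past part of the path" should read "last part".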