Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionpack@3.2.0a
Typegem
Namespace
Nameactionpack
Version3.2.0a
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.1.2.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-xee7-ge26-yfdc
vulnerability_id VCID-xee7-ge26-yfdc
summary 
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7829
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.50206
published_at 2026-06-05T12:55:00Z
1
value 0.00265
scoring_system epss
scoring_elements 0.50199
published_at 2026-06-07T12:55:00Z
2
value 0.00265
scoring_system epss
scoring_elements 0.50214
published_at 2026-06-06T12:55:00Z
3
value 0.00265
scoring_system epss
scoring_elements 0.50144
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7829
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829
4
reference_url https://github.com/advisories/GHSA-h56m-vwxc-3qpw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h56m-vwxc-3qpw
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml
6
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ
7
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7829
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7829
9
reference_url https://puppet.com/security/cve/cve-2014-7829
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2014-7829
10
reference_url https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183
11
reference_url http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1164659
reference_id 1164659
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1164659
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
reference_id 770934
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
fixed_packages
0
url pkg:gem/actionpack@3.2.21
purl pkg:gem/actionpack@3.2.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-7spd-zybv-pbgm
5
vulnerability VCID-9t5z-1umq-qbe4
6
vulnerability VCID-9xc9-zvs2-1kde
7
vulnerability VCID-b464-j8ja-hke6
8
vulnerability VCID-bcwq-ngna-fqhd
9
vulnerability VCID-bfqq-ypyw-dycj
10
vulnerability VCID-cbvq-4ze7-r3g6
11
vulnerability VCID-chxq-j9us-cygh
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-fj3n-g8wp-bbaj
16
vulnerability VCID-ftus-vcww-2kgf
17
vulnerability VCID-gqfj-qxbc-xqhm
18
vulnerability VCID-hdu6-u2pb-aqhp
19
vulnerability VCID-hxcf-k4te-h3gu
20
vulnerability VCID-jkk1-jx5j-q3ch
21
vulnerability VCID-mf6k-jx45-m3fy
22
vulnerability VCID-n798-maqx-y3c9
23
vulnerability VCID-nhny-abkr-6qhb
24
vulnerability VCID-nprk-kfvh-vqfh
25
vulnerability VCID-nt1m-frdh-tbbq
26
vulnerability VCID-p6yg-d8wm-4bgz
27
vulnerability VCID-sw7t-5s3e-vkhx
28
vulnerability VCID-ufrj-jn16-jybn
29
vulnerability VCID-ugdk-t2vk-nkfc
30
vulnerability VCID-v3vg-9jdz-guf5
31
vulnerability VCID-vp3u-cexw-57a4
32
vulnerability VCID-vv7c-uwnu-nfhb
33
vulnerability VCID-wake-zgkk-vber
34
vulnerability VCID-ypcy-hry9-5fa3
35
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.21
1
url pkg:gem/actionpack@4.0.11.1
purl pkg:gem/actionpack@4.0.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-9xc9-zvs2-1kde
6
vulnerability VCID-b464-j8ja-hke6
7
vulnerability VCID-bcwq-ngna-fqhd
8
vulnerability VCID-bfqq-ypyw-dycj
9
vulnerability VCID-cbvq-4ze7-r3g6
10
vulnerability VCID-chxq-j9us-cygh
11
vulnerability VCID-ecg2-wcty-b7hw
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-ftus-vcww-2kgf
16
vulnerability VCID-gqfj-qxbc-xqhm
17
vulnerability VCID-hdu6-u2pb-aqhp
18
vulnerability VCID-hxcf-k4te-h3gu
19
vulnerability VCID-jkk1-jx5j-q3ch
20
vulnerability VCID-mf6k-jx45-m3fy
21
vulnerability VCID-n798-maqx-y3c9
22
vulnerability VCID-nhny-abkr-6qhb
23
vulnerability VCID-nprk-kfvh-vqfh
24
vulnerability VCID-nt1m-frdh-tbbq
25
vulnerability VCID-p6yg-d8wm-4bgz
26
vulnerability VCID-sw7t-5s3e-vkhx
27
vulnerability VCID-ufrj-jn16-jybn
28
vulnerability VCID-ugdk-t2vk-nkfc
29
vulnerability VCID-ujt2-es3k-67aq
30
vulnerability VCID-v3vg-9jdz-guf5
31
vulnerability VCID-vp3u-cexw-57a4
32
vulnerability VCID-vv7c-uwnu-nfhb
33
vulnerability VCID-wake-zgkk-vber
34
vulnerability VCID-xee7-ge26-yfdc
35
vulnerability VCID-y8dx-xevb-bka2
36
vulnerability VCID-ypcy-hry9-5fa3
37
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11.1
2
url pkg:gem/actionpack@4.0.12
purl pkg:gem/actionpack@4.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-9xc9-zvs2-1kde
6
vulnerability VCID-b464-j8ja-hke6
7
vulnerability VCID-bcwq-ngna-fqhd
8
vulnerability VCID-bfqq-ypyw-dycj
9
vulnerability VCID-cbvq-4ze7-r3g6
10
vulnerability VCID-chxq-j9us-cygh
11
vulnerability VCID-ecg2-wcty-b7hw
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-ftus-vcww-2kgf
16
vulnerability VCID-gqfj-qxbc-xqhm
17
vulnerability VCID-hdu6-u2pb-aqhp
18
vulnerability VCID-hxcf-k4te-h3gu
19
vulnerability VCID-jkk1-jx5j-q3ch
20
vulnerability VCID-mf6k-jx45-m3fy
21
vulnerability VCID-n798-maqx-y3c9
22
vulnerability VCID-nhny-abkr-6qhb
23
vulnerability VCID-nprk-kfvh-vqfh
24
vulnerability VCID-nt1m-frdh-tbbq
25
vulnerability VCID-p6yg-d8wm-4bgz
26
vulnerability VCID-sw7t-5s3e-vkhx
27
vulnerability VCID-ufrj-jn16-jybn
28
vulnerability VCID-ugdk-t2vk-nkfc
29
vulnerability VCID-v3vg-9jdz-guf5
30
vulnerability VCID-vp3u-cexw-57a4
31
vulnerability VCID-vv7c-uwnu-nfhb
32
vulnerability VCID-wake-zgkk-vber
33
vulnerability VCID-xee7-ge26-yfdc
34
vulnerability VCID-y8dx-xevb-bka2
35
vulnerability VCID-ypcy-hry9-5fa3
36
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.12
3
url pkg:gem/actionpack@4.1.0.beta1
purl pkg:gem/actionpack@4.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-9xc9-zvs2-1kde
6
vulnerability VCID-b464-j8ja-hke6
7
vulnerability VCID-bcwq-ngna-fqhd
8
vulnerability VCID-bfqq-ypyw-dycj
9
vulnerability VCID-cbvq-4ze7-r3g6
10
vulnerability VCID-chxq-j9us-cygh
11
vulnerability VCID-ecg2-wcty-b7hw
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-ftus-vcww-2kgf
16
vulnerability VCID-gqfj-qxbc-xqhm
17
vulnerability VCID-hdu6-u2pb-aqhp
18
vulnerability VCID-hxcf-k4te-h3gu
19
vulnerability VCID-jkk1-jx5j-q3ch
20
vulnerability VCID-mf6k-jx45-m3fy
21
vulnerability VCID-n798-maqx-y3c9
22
vulnerability VCID-nhny-abkr-6qhb
23
vulnerability VCID-nprk-kfvh-vqfh
24
vulnerability VCID-nt1m-frdh-tbbq
25
vulnerability VCID-p6yg-d8wm-4bgz
26
vulnerability VCID-sw7t-5s3e-vkhx
27
vulnerability VCID-ufrj-jn16-jybn
28
vulnerability VCID-ugdk-t2vk-nkfc
29
vulnerability VCID-v3vg-9jdz-guf5
30
vulnerability VCID-vex8-56fk-gqdf
31
vulnerability VCID-vp3u-cexw-57a4
32
vulnerability VCID-vv7c-uwnu-nfhb
33
vulnerability VCID-wake-zgkk-vber
34
vulnerability VCID-xee7-ge26-yfdc
35
vulnerability VCID-xvsy-e7fv-1ufe
36
vulnerability VCID-y8dx-xevb-bka2
37
vulnerability VCID-ypcy-hry9-5fa3
38
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1
4
url pkg:gem/actionpack@4.1.7.1
purl pkg:gem/actionpack@4.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-9xc9-zvs2-1kde
6
vulnerability VCID-b464-j8ja-hke6
7
vulnerability VCID-bcwq-ngna-fqhd
8
vulnerability VCID-bfqq-ypyw-dycj
9
vulnerability VCID-cbvq-4ze7-r3g6
10
vulnerability VCID-chxq-j9us-cygh
11
vulnerability VCID-ecg2-wcty-b7hw
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-ftus-vcww-2kgf
16
vulnerability VCID-gqfj-qxbc-xqhm
17
vulnerability VCID-hdu6-u2pb-aqhp
18
vulnerability VCID-hxcf-k4te-h3gu
19
vulnerability VCID-jkk1-jx5j-q3ch
20
vulnerability VCID-mf6k-jx45-m3fy
21
vulnerability VCID-n798-maqx-y3c9
22
vulnerability VCID-nhny-abkr-6qhb
23
vulnerability VCID-nprk-kfvh-vqfh
24
vulnerability VCID-nt1m-frdh-tbbq
25
vulnerability VCID-p6yg-d8wm-4bgz
26
vulnerability VCID-sw7t-5s3e-vkhx
27
vulnerability VCID-ufrj-jn16-jybn
28
vulnerability VCID-ugdk-t2vk-nkfc
29
vulnerability VCID-ujt2-es3k-67aq
30
vulnerability VCID-v3vg-9jdz-guf5
31
vulnerability VCID-vp3u-cexw-57a4
32
vulnerability VCID-vv7c-uwnu-nfhb
33
vulnerability VCID-wake-zgkk-vber
34
vulnerability VCID-xee7-ge26-yfdc
35
vulnerability VCID-y8dx-xevb-bka2
36
vulnerability VCID-ypcy-hry9-5fa3
37
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7.1
5
url pkg:gem/actionpack@4.1.8
purl pkg:gem/actionpack@4.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-9xc9-zvs2-1kde
6
vulnerability VCID-b464-j8ja-hke6
7
vulnerability VCID-bcwq-ngna-fqhd
8
vulnerability VCID-bfqq-ypyw-dycj
9
vulnerability VCID-cbvq-4ze7-r3g6
10
vulnerability VCID-chxq-j9us-cygh
11
vulnerability VCID-ecg2-wcty-b7hw
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-ftus-vcww-2kgf
16
vulnerability VCID-gqfj-qxbc-xqhm
17
vulnerability VCID-hdu6-u2pb-aqhp
18
vulnerability VCID-hxcf-k4te-h3gu
19
vulnerability VCID-jkk1-jx5j-q3ch
20
vulnerability VCID-mf6k-jx45-m3fy
21
vulnerability VCID-n798-maqx-y3c9
22
vulnerability VCID-nhny-abkr-6qhb
23
vulnerability VCID-nprk-kfvh-vqfh
24
vulnerability VCID-nt1m-frdh-tbbq
25
vulnerability VCID-p6yg-d8wm-4bgz
26
vulnerability VCID-sw7t-5s3e-vkhx
27
vulnerability VCID-ufrj-jn16-jybn
28
vulnerability VCID-ugdk-t2vk-nkfc
29
vulnerability VCID-v3vg-9jdz-guf5
30
vulnerability VCID-vp3u-cexw-57a4
31
vulnerability VCID-vv7c-uwnu-nfhb
32
vulnerability VCID-wake-zgkk-vber
33
vulnerability VCID-xee7-ge26-yfdc
34
vulnerability VCID-y8dx-xevb-bka2
35
vulnerability VCID-ypcy-hry9-5fa3
36
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.8
6
url pkg:gem/actionpack@4.2.0.beta1
purl pkg:gem/actionpack@4.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-ecg2-wcty-b7hw
11
vulnerability VCID-egdx-4qqa-guh1
12
vulnerability VCID-f21a-143f-9qay
13
vulnerability VCID-f7bp-x4q3-jbeh
14
vulnerability VCID-ftus-vcww-2kgf
15
vulnerability VCID-gqfj-qxbc-xqhm
16
vulnerability VCID-hdu6-u2pb-aqhp
17
vulnerability VCID-hxcf-k4te-h3gu
18
vulnerability VCID-jkk1-jx5j-q3ch
19
vulnerability VCID-n798-maqx-y3c9
20
vulnerability VCID-nhny-abkr-6qhb
21
vulnerability VCID-nprk-kfvh-vqfh
22
vulnerability VCID-nt1m-frdh-tbbq
23
vulnerability VCID-p6yg-d8wm-4bgz
24
vulnerability VCID-sw7t-5s3e-vkhx
25
vulnerability VCID-ufrj-jn16-jybn
26
vulnerability VCID-ugdk-t2vk-nkfc
27
vulnerability VCID-v3vg-9jdz-guf5
28
vulnerability VCID-vp3u-cexw-57a4
29
vulnerability VCID-xee7-ge26-yfdc
30
vulnerability VCID-xvsy-e7fv-1ufe
31
vulnerability VCID-ypcy-hry9-5fa3
32
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1
7
url pkg:gem/actionpack@4.2.0.beta4
purl pkg:gem/actionpack@4.2.0.beta4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-ecg2-wcty-b7hw
11
vulnerability VCID-egdx-4qqa-guh1
12
vulnerability VCID-f21a-143f-9qay
13
vulnerability VCID-f7bp-x4q3-jbeh
14
vulnerability VCID-ftus-vcww-2kgf
15
vulnerability VCID-gqfj-qxbc-xqhm
16
vulnerability VCID-hdu6-u2pb-aqhp
17
vulnerability VCID-hxcf-k4te-h3gu
18
vulnerability VCID-jkk1-jx5j-q3ch
19
vulnerability VCID-n798-maqx-y3c9
20
vulnerability VCID-nhny-abkr-6qhb
21
vulnerability VCID-nprk-kfvh-vqfh
22
vulnerability VCID-nt1m-frdh-tbbq
23
vulnerability VCID-p6yg-d8wm-4bgz
24
vulnerability VCID-sw7t-5s3e-vkhx
25
vulnerability VCID-ufrj-jn16-jybn
26
vulnerability VCID-ugdk-t2vk-nkfc
27
vulnerability VCID-v3vg-9jdz-guf5
28
vulnerability VCID-vp3u-cexw-57a4
29
vulnerability VCID-xee7-ge26-yfdc
30
vulnerability VCID-ypcy-hry9-5fa3
31
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta4
aliases CVE-2014-7829, GHSA-h56m-vwxc-3qpw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xee7-ge26-yfdc
1
url VCID-xvsy-e7fv-1ufe
vulnerability_id VCID-xvsy-e7fv-1ufe
summary 
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7818
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.4475
published_at 2026-06-06T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44729
published_at 2026-06-07T12:55:00Z
2
value 0.0022
scoring_system epss
scoring_elements 0.44674
published_at 2026-06-04T12:55:00Z
3
value 0.0022
scoring_system epss
scoring_elements 0.44743
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7818
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818
4
reference_url https://github.com/advisories/GHSA-29gr-w57f-rpfw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-29gr-w57f-rpfw
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml
6
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ
7
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7818
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7818
9
reference_url https://puppet.com/security/cve/cve-2014-7829
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2014-7829
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1161499
reference_id 1161499
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1161499
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
reference_id 770934
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
fixed_packages
0
url pkg:gem/actionpack@3.2.20
purl pkg:gem/actionpack@3.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-7spd-zybv-pbgm
5
vulnerability VCID-9t5z-1umq-qbe4
6
vulnerability VCID-9xc9-zvs2-1kde
7
vulnerability VCID-b464-j8ja-hke6
8
vulnerability VCID-bcwq-ngna-fqhd
9
vulnerability VCID-bfqq-ypyw-dycj
10
vulnerability VCID-cbvq-4ze7-r3g6
11
vulnerability VCID-chxq-j9us-cygh
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-fj3n-g8wp-bbaj
16
vulnerability VCID-ftus-vcww-2kgf
17
vulnerability VCID-gqfj-qxbc-xqhm
18
vulnerability VCID-hdu6-u2pb-aqhp
19
vulnerability VCID-hxcf-k4te-h3gu
20
vulnerability VCID-jkk1-jx5j-q3ch
21
vulnerability VCID-mf6k-jx45-m3fy
22
vulnerability VCID-n798-maqx-y3c9
23
vulnerability VCID-nhny-abkr-6qhb
24
vulnerability VCID-nprk-kfvh-vqfh
25
vulnerability VCID-nt1m-frdh-tbbq
26
vulnerability VCID-p6yg-d8wm-4bgz
27
vulnerability VCID-sw7t-5s3e-vkhx
28
vulnerability VCID-ufrj-jn16-jybn
29
vulnerability VCID-ugdk-t2vk-nkfc
30
vulnerability VCID-ujt2-es3k-67aq
31
vulnerability VCID-v3vg-9jdz-guf5
32
vulnerability VCID-vp3u-cexw-57a4
33
vulnerability VCID-vv7c-uwnu-nfhb
34
vulnerability VCID-wake-zgkk-vber
35
vulnerability VCID-xee7-ge26-yfdc
36
vulnerability VCID-ypcy-hry9-5fa3
37
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.20
1
url pkg:gem/actionpack@4.0.11
purl pkg:gem/actionpack@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-9xc9-zvs2-1kde
6
vulnerability VCID-b464-j8ja-hke6
7
vulnerability VCID-bcwq-ngna-fqhd
8
vulnerability VCID-bfqq-ypyw-dycj
9
vulnerability VCID-cbvq-4ze7-r3g6
10
vulnerability VCID-chxq-j9us-cygh
11
vulnerability VCID-ecg2-wcty-b7hw
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-ftus-vcww-2kgf
16
vulnerability VCID-gqfj-qxbc-xqhm
17
vulnerability VCID-hdu6-u2pb-aqhp
18
vulnerability VCID-hxcf-k4te-h3gu
19
vulnerability VCID-jkk1-jx5j-q3ch
20
vulnerability VCID-mf6k-jx45-m3fy
21
vulnerability VCID-n798-maqx-y3c9
22
vulnerability VCID-nhny-abkr-6qhb
23
vulnerability VCID-nprk-kfvh-vqfh
24
vulnerability VCID-nt1m-frdh-tbbq
25
vulnerability VCID-p6yg-d8wm-4bgz
26
vulnerability VCID-sw7t-5s3e-vkhx
27
vulnerability VCID-ufrj-jn16-jybn
28
vulnerability VCID-ugdk-t2vk-nkfc
29
vulnerability VCID-ujt2-es3k-67aq
30
vulnerability VCID-v3vg-9jdz-guf5
31
vulnerability VCID-vp3u-cexw-57a4
32
vulnerability VCID-vv7c-uwnu-nfhb
33
vulnerability VCID-wake-zgkk-vber
34
vulnerability VCID-xee7-ge26-yfdc
35
vulnerability VCID-y8dx-xevb-bka2
36
vulnerability VCID-ypcy-hry9-5fa3
37
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11
2
url pkg:gem/actionpack@4.1.0.beta1
purl pkg:gem/actionpack@4.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-9xc9-zvs2-1kde
6
vulnerability VCID-b464-j8ja-hke6
7
vulnerability VCID-bcwq-ngna-fqhd
8
vulnerability VCID-bfqq-ypyw-dycj
9
vulnerability VCID-cbvq-4ze7-r3g6
10
vulnerability VCID-chxq-j9us-cygh
11
vulnerability VCID-ecg2-wcty-b7hw
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-ftus-vcww-2kgf
16
vulnerability VCID-gqfj-qxbc-xqhm
17
vulnerability VCID-hdu6-u2pb-aqhp
18
vulnerability VCID-hxcf-k4te-h3gu
19
vulnerability VCID-jkk1-jx5j-q3ch
20
vulnerability VCID-mf6k-jx45-m3fy
21
vulnerability VCID-n798-maqx-y3c9
22
vulnerability VCID-nhny-abkr-6qhb
23
vulnerability VCID-nprk-kfvh-vqfh
24
vulnerability VCID-nt1m-frdh-tbbq
25
vulnerability VCID-p6yg-d8wm-4bgz
26
vulnerability VCID-sw7t-5s3e-vkhx
27
vulnerability VCID-ufrj-jn16-jybn
28
vulnerability VCID-ugdk-t2vk-nkfc
29
vulnerability VCID-v3vg-9jdz-guf5
30
vulnerability VCID-vex8-56fk-gqdf
31
vulnerability VCID-vp3u-cexw-57a4
32
vulnerability VCID-vv7c-uwnu-nfhb
33
vulnerability VCID-wake-zgkk-vber
34
vulnerability VCID-xee7-ge26-yfdc
35
vulnerability VCID-xvsy-e7fv-1ufe
36
vulnerability VCID-y8dx-xevb-bka2
37
vulnerability VCID-ypcy-hry9-5fa3
38
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1
3
url pkg:gem/actionpack@4.1.7
purl pkg:gem/actionpack@4.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-9xc9-zvs2-1kde
6
vulnerability VCID-b464-j8ja-hke6
7
vulnerability VCID-bcwq-ngna-fqhd
8
vulnerability VCID-bfqq-ypyw-dycj
9
vulnerability VCID-cbvq-4ze7-r3g6
10
vulnerability VCID-chxq-j9us-cygh
11
vulnerability VCID-ecg2-wcty-b7hw
12
vulnerability VCID-egdx-4qqa-guh1
13
vulnerability VCID-f21a-143f-9qay
14
vulnerability VCID-f7bp-x4q3-jbeh
15
vulnerability VCID-ftus-vcww-2kgf
16
vulnerability VCID-gqfj-qxbc-xqhm
17
vulnerability VCID-hdu6-u2pb-aqhp
18
vulnerability VCID-hxcf-k4te-h3gu
19
vulnerability VCID-jkk1-jx5j-q3ch
20
vulnerability VCID-mf6k-jx45-m3fy
21
vulnerability VCID-n798-maqx-y3c9
22
vulnerability VCID-nhny-abkr-6qhb
23
vulnerability VCID-nprk-kfvh-vqfh
24
vulnerability VCID-nt1m-frdh-tbbq
25
vulnerability VCID-p6yg-d8wm-4bgz
26
vulnerability VCID-sw7t-5s3e-vkhx
27
vulnerability VCID-ufrj-jn16-jybn
28
vulnerability VCID-ugdk-t2vk-nkfc
29
vulnerability VCID-ujt2-es3k-67aq
30
vulnerability VCID-v3vg-9jdz-guf5
31
vulnerability VCID-vp3u-cexw-57a4
32
vulnerability VCID-vv7c-uwnu-nfhb
33
vulnerability VCID-wake-zgkk-vber
34
vulnerability VCID-xee7-ge26-yfdc
35
vulnerability VCID-y8dx-xevb-bka2
36
vulnerability VCID-ypcy-hry9-5fa3
37
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7
4
url pkg:gem/actionpack@4.2.0.beta1
purl pkg:gem/actionpack@4.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-ecg2-wcty-b7hw
11
vulnerability VCID-egdx-4qqa-guh1
12
vulnerability VCID-f21a-143f-9qay
13
vulnerability VCID-f7bp-x4q3-jbeh
14
vulnerability VCID-ftus-vcww-2kgf
15
vulnerability VCID-gqfj-qxbc-xqhm
16
vulnerability VCID-hdu6-u2pb-aqhp
17
vulnerability VCID-hxcf-k4te-h3gu
18
vulnerability VCID-jkk1-jx5j-q3ch
19
vulnerability VCID-n798-maqx-y3c9
20
vulnerability VCID-nhny-abkr-6qhb
21
vulnerability VCID-nprk-kfvh-vqfh
22
vulnerability VCID-nt1m-frdh-tbbq
23
vulnerability VCID-p6yg-d8wm-4bgz
24
vulnerability VCID-sw7t-5s3e-vkhx
25
vulnerability VCID-ufrj-jn16-jybn
26
vulnerability VCID-ugdk-t2vk-nkfc
27
vulnerability VCID-v3vg-9jdz-guf5
28
vulnerability VCID-vp3u-cexw-57a4
29
vulnerability VCID-xee7-ge26-yfdc
30
vulnerability VCID-xvsy-e7fv-1ufe
31
vulnerability VCID-ypcy-hry9-5fa3
32
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1
5
url pkg:gem/actionpack@4.2.0.beta3
purl pkg:gem/actionpack@4.2.0.beta3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-37qm-tp8v-tugb
2
vulnerability VCID-4uv1-e1me-hqb3
3
vulnerability VCID-75m1-xqdk-j7f3
4
vulnerability VCID-9t5z-1umq-qbe4
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-ecg2-wcty-b7hw
11
vulnerability VCID-egdx-4qqa-guh1
12
vulnerability VCID-f21a-143f-9qay
13
vulnerability VCID-f7bp-x4q3-jbeh
14
vulnerability VCID-ftus-vcww-2kgf
15
vulnerability VCID-gqfj-qxbc-xqhm
16
vulnerability VCID-hdu6-u2pb-aqhp
17
vulnerability VCID-hxcf-k4te-h3gu
18
vulnerability VCID-jkk1-jx5j-q3ch
19
vulnerability VCID-n798-maqx-y3c9
20
vulnerability VCID-nhny-abkr-6qhb
21
vulnerability VCID-nprk-kfvh-vqfh
22
vulnerability VCID-nt1m-frdh-tbbq
23
vulnerability VCID-p6yg-d8wm-4bgz
24
vulnerability VCID-sw7t-5s3e-vkhx
25
vulnerability VCID-ufrj-jn16-jybn
26
vulnerability VCID-ugdk-t2vk-nkfc
27
vulnerability VCID-v3vg-9jdz-guf5
28
vulnerability VCID-vp3u-cexw-57a4
29
vulnerability VCID-xee7-ge26-yfdc
30
vulnerability VCID-ypcy-hry9-5fa3
31
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta3
aliases CVE-2014-7818, GHSA-29gr-w57f-rpfw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvsy-e7fv-1ufe
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0a