CVE-2007-5379

Published: 19 October 2007

Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.

Priority

Low

Status

Package: rails (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Ignored (reached end-of-life)
edgy       Needed (reached end-of-life)
feisty     Needed (reached end-of-life)
gutsy      Not vulnerable
hardy      Not vulnerable
intrepid   Not vulnerable
jaunty     Not vulnerable
karmic     Not vulnerable
lucid      Not vulnerable
upstream   Released (1.2.4)