CVE-2007-5379
Description
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
10.596
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2007-3227,CVE-2007-5379 are fixed in Ruby-rails 1.2.5 | Windows |
| Vulnerabilities CVE-2007-5380,CVE-2007-5379 are fixed in Ruby-rails 1.2.4 | Windows |
| Vulnerabilities CVE-2007-3227,CVE-2007-5379 are fixed in Ruby-rails for Linux 1.2.5 | Linux |
| Vulnerabilities CVE-2007-5380,CVE-2007-5379 are fixed in Ruby-rails for Linux 1.2.4 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234