# File lib/brakeman/checks/check_default_routes.rb, line 52
  # Reports CVE-2014-0130 when the application's Rails version falls inside
  # one of the affected ranges listed below.
  #
  # The warning text describes the issue as directory traversal and remote
  # code execution in combination with globbing routes. Nothing is reported
  # when lts_version?("2.3.18.9") is true or when no range matches.
  #
  # Confidence is :high when allow_all_actions? is true or
  # @actions_allowed_on_controller is set, otherwise :medium.
  # NOTE(review): both are defined outside this method; presumably they
  # record routes that expose arbitrary controller actions. Confirm.
  #
  # Returns nil on the early exits, otherwise whatever `warn` returns.
  def check_for_cve_2014_0130
    # TODO: Should support LTS 3.0.20 too
    # NOTE(review): until that TODO is done, a patched LTS 3.0.x app
    # presumably falls into the 3.0.0-3.2.17 range below and is still
    # reported. Verify against lts_version?.
    return if lts_version?("2.3.18.9")

    # Map the affected range to the first fixed release to recommend.
    # The 2.x and 3.x lines both point at 3.2.18.
    upgrade =
      if version_between?("2.0.0", "2.3.18") || version_between?("3.0.0", "3.2.17")
        "3.2.18"
      elsif version_between?("4.0.0", "4.0.4")
        "4.0.5"
      elsif version_between?("4.1.0", "4.1.0")
        "4.1.1"
      end

    # Any version outside the ranges above is not reported.
    return unless upgrade

    broad_routing = allow_all_actions? || @actions_allowed_on_controller
    confidence = broad_routing ? :high : :medium

    message = msg(msg_version(rails_version), " with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to ", msg_version(upgrade))

    # The finding is attached to config/routes.rb as a whole; no line
    # number is passed.
    warn :warning_type => "Remote Code Execution",
      :warning_code => :CVE_2014_0130,
      :message => message,
      :confidence => confidence,
      :file => "#{tracker.app_path}/config/routes.rb",
      :link => "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
  end