Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Remediation

References

CVE-2016-0752

Related Vulnerabilities

Oracle Application Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)

WordPress Plugin Favicon by RealFaviconGenerator Unspecified Vulnerability (1.2.13)

MySQL CVE-2017-10227 Vulnerability (CVE-2017-10227)

WordPress Cross-Site Request Forgery (0.70 - 3.6.1)

WordPress Plugin Calendar Event Multi View Security Bypass (1.4.13)

Severity

High

Classification

CVE-2016-0752 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities