Description
Rails scaffolding is a quick way to generate some of the major pieces of a Rails application. When scaffolding is used, Rails automatically creates the models, views, and controllers for a new resource in a single operation. The generated controllers handle output formats automatically, and Rails supports JSON and XML natively. Developers sometimes use scaffolding without properly restricting access to all of the APIs that Rails generated automatically. In this case, sensitive information is leaked via the autogenerated APIs. Acunetix found an API that possibly leaks sensitive information.
Remediation
Acunetix cannot confirm this is a real vulnerability. Manual confirmation is required for this alert. Make sure the information disclosed in the HTTP response does not contain any sensitive information. If it does, adjust the Rails controller code to prevent this information from leaking.
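An added example (not part of the Acunetix advisory): a plain-Ruby check for the manual confirmation step, which parses the JSON body returned by a scaffolded endpoint and reports keys whose names look sensitive, then shows the allowlist of fields a controller could render instead of the full record. The key pattern, the field list, the helper names `sensitive_paths` and `public_user`, and the sample body are assumptions constructed for illustration.

```ruby
require "json"

# Attribute-name patterns that often indicate sensitive data.
# Assumed list; tune it to the application's own schema.
SENSITIVE_KEY = /pass(word)?|digest|secret|token|api_?key|salt|ssn|otp/i

# Recursively collect the paths of keys in a parsed JSON document
# whose names match SENSITIVE_KEY.
def sensitive_paths(node, path = "$")
  case node
  when Hash
    node.flat_map do |key, value|
      here = "#{path}.#{key}"
      (key.match?(SENSITIVE_KEY) ? [here] : []) + sensitive_paths(value, here)
    end
  when Array
    node.each_with_index.flat_map { |item, i| sensitive_paths(item, "#{path}[#{i}]") }
  else
    []
  end
end

# Allowlist of fields the API is meant to expose (hypothetical).
# Rendering only these keeps newly added columns out of the response by default.
PUBLIC_USER_FIELDS = %w[id name].freeze

def public_user(record)
  record.slice(*PUBLIC_USER_FIELDS)
end

# Constructed sample: a body a scaffolded index action might return
# when it serializes whole records.
SAMPLE_BODY = <<~JSON
  [{"id":1,"name":"alice","email":"alice@example.test",
    "password_digest":"<constructed>","reset_token":null,
    "created_at":"2020-01-01T00:00:00Z"}]
JSON

# Compare the flagged keys before and after applying the allowlist.
def demo
  users = JSON.parse(SAMPLE_BODY)
  { before: sensitive_paths(users),
    after:  sensitive_paths(users.map { |u| public_user(u) }) }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

A name-based match only narrows down what to review; values under innocuous key names still need a manual look.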