Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Remediation

References

CVE-2016-0752

Related Vulnerabilities

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4729)

PHP Improper Encoding or Escaping of Output Vulnerability (CVE-2024-5585)

WordPress Plugin WP-Polls Cross-Site Scripting (2.69)

WordPress Plugin Database Backup for WordPress 'edit.php' Directory Traversal (1.7)

WordPress Plugin News Element Elementor Blog Magazine Local File Inclusion (1.0.5)

Severity

High

Classification

CVE-2016-0752 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities