CVE-2019-5418

Summary

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Affected Software

VendorProductVersion RangeStatus
Railshttps://github.com/rails/rails5.2.2.1affected
Railshttps://github.com/rails/rails5.1.6.2affected
Railshttps://github.com/rails/rails5.0.7.2affected
Railshttps://github.com/rails/rails4.2.11.1affected

Weaknesses

  • CWE-22: Path Traversal (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

References