Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2016-0752 - Vulnerability Database
Ruby on Rails

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2016-0752

High
Reference: CVE-2016-0752
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-0752
Title: Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1 4.0.x and 4.1.x before 4.1.14.1 4.2.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application39s unrestricted use of the render method and providing a .. (dot dot) in a pathname.