VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / actionview

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-5418 unknown 2.5 7y ago Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server… susedebianruby
CVE-2016-0752 unknown 2.5 11y ago Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. susedebianruby
CVE-2020-8163 unknown 1.0 6y ago The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. susedebianruby