CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:11

Type Values Removed Values Added
References
  • {'url': 'https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q', 'name': 'https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q', 'tags': ['Exploit', 'Mitigation', 'Patch', 'Third Party Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/', 'name': 'FEDORA-2019-1cfe24db5c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/ -
  • () https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q -

Information

Published : 2019-03-27 14:29

Updated : 2023-12-10 12:59


NVD link : CVE-2019-5418

Mitre link : CVE-2019-5418

CVE.ORG link : CVE-2019-5418


JSON object : View

Products Affected

opensuse

  • leap

debian

  • debian_linux

redhat

  • software_collections
  • cloudforms

rubyonrails

  • rails

fedoraproject

  • fedora
CWE
NVD-CWE-noinfo CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')