| CVSS3 | 7.5 High |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

| CVSS2 | 5 Medium |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | NONE |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Name | rails_accept_readfile |
|---|---|
| CVE | CVE-2019-5418 Exploit Pack |
| VENDOR | Rails |

NOTES:
The vulnerability resides in Action View, in combination with calls to `render file:` in a controller.
In the corresponding text field, enter the path to the controller action that calls `render file:`
in a similar way to the code below:

```ruby
class HelloController < ApplicationController
  def index
    # Renders a file from disk; this call pattern is what the advisory describes as affected
    render file: "#{Rails.root}/some/file"
  end
end
```
Vulnerable Rails versions:
Tested on:
Repeatability: Infinite
References: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5418
Date public: 13/03/2019