Directory traversal vulnerability in Action View in Ruby on Rails

Possible Information Leak Vulnerability in User Inpu

Reporter	Title	Published	Views	Family All 99
0day.today	Ruby on Rails Dynamic Render File Upload Remote Code Execution	15 Oct 201600:00	–	zdt
GithubExploit	Exploit for Path Traversal in Rubyonrails Rails	26 Jan 201615:25	–	githubexploit
ATTACKERKB	CVE-2016-2097	7 Apr 201600:00	–	attackerkb
ATTACKERKB	CVE-2016-0752	16 Feb 201600:00	–	attackerkb
FreeBSD	rails -- multiple vulnerabilities	25 Jan 201600:00	–	freebsd
BDU FSTEC	The vulnerability of the Ruby on Rails software platform, which allows a hacker to read arbitrary files	17 Mar 201600:00	–	bdu_fstec
Circl	CVE-2016-0752	17 Oct 201600:00	–	circl
CISA KEV Catalog	Ruby on Rails Directory Traversal Vulnerability	25 Mar 202200:00	–	cisa_kev
CNVD	Ruby on Rails Action View Directory Traversal Vulnerability	8 Feb 201600:00	–	cnvd
Check Point Advisories	Ruby On Rails Directory Traversal (CVE-2016-0752)	19 Apr 202200:00	–	checkpoint_advisories

Vulners

Node

gem actionviewRange4.0.0≥

gem actionviewRange<4.1.14.1

gem actionviewRange4.2.0≥

gem actionviewRange<4.2.5.1

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-0752
github	www.github.com/advisories/GHSA-xrr4-p6fq-hjg7
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml
groups	www.groups.google.com/forum/
groups	www.groups.google.com/forum/message/raw
web	www.web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw
web	www.web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801
web	www.web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

24 Oct 2017 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 25

CVSS 3.17.5

EPSS0.90494

SSVC