Описание
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.
Меры по смягчению последствий
Avoid passing untrusted input to render method, or verify the input using whitelist before passing it to the render method:
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5.2 | ruby193-rubygem-actionpack | Will not fix | ||
| CloudForms Management Engine 5.3 | ruby193-rubygem-actionpack | Will not fix | ||
| Red Hat Subscription Asset Manager | ruby193-rubygem-actionpack | Will not fix | ||
| Red Hat Subscription Asset Manager | rubygem-actionpack | Will not fix | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-actionpack | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-actionview | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-activemodel | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-activerecord | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-activesupport | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | ror40-rubygem-actionpack | Fixed | RHSA-2016:0454 | 15.03.2016 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Directory traversal vulnerability in Action View in Ruby on Rails befo ...
Directory traversal vulnerability in Action View in Ruby on Rails
Уязвимость программной платформы Ruby on Rails, позволяющая нарушителю читать произвольные файлы
EPSS
6.8 Medium
CVSS2