CVE-2016-2097

Published: 29 Feb 2016
Source: redhat
CVSS2: 6.8
EPSS: Low

Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.

A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.
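The two paragraphs above describe the bug abstractly: a template name under attacker control (for example `render params[:page]`) becomes a relative path under the view root, and the lookup places no bound on `..` segments. The following is an added illustration written for this page, not Action View's own resolver and not code from the Rails project. It models the lookup as a glob in which, as in the default Rails lookup pattern, locale, format and handler are all optional, so a bare filename with no extension also matches. The helper names, the `pages` prefix, the `ALLOWED_PAGES` list and the throwaway fixture files are all constructed for the example.

```ruby
require "tmpdir"
require "fileutils"

# Simplified model of a render-style template lookup. Locale, format and
# handler are optional in the pattern, so "secrets.yml" matches as readily
# as "about.html.erb", and nothing rejects ".." segments in the name.
# Constructed for this page; not Action View's real resolver.
def unsafe_find_template(view_root, prefix, name)
  query = File.join(view_root, prefix, "#{name}{.en,}{.html,}{.erb,}")
  Dir.glob(query).first
end

# Control 1: resolve symlinks and ".." with realpath, then require that the
# file really lives under the view root.
def inside_root?(view_root, path)
  root = File.realpath(view_root)
  File.realpath(path).start_with?(root + File::SEPARATOR)
end

# Control 2: only ever render names from an explicit allowlist (constructed).
ALLOWED_PAGES = %w[about contact].freeze

# Hardened lookup: allowlist first, containment check second. Either one
# stops this traversal on its own; both are shown deliberately.
def safe_find_template(view_root, prefix, name)
  return nil unless ALLOWED_PAGES.include?(name)
  found = unsafe_find_template(view_root, prefix, name)
  found if found && inside_root?(view_root, found)
end

# Throwaway fixture: app/views/pages/about.html.erb plus a file that sits
# OUTSIDE the view root and must never be reachable through render.
def with_fixture
  Dir.mktmpdir do |dir|
    view_root = File.join(dir, "app", "views")
    FileUtils.mkdir_p(File.join(view_root, "pages"))
    File.write(File.join(view_root, "pages", "about.html.erb"), "<h1>About</h1>")
    File.write(File.join(dir, "secrets.yml"), "api_key: constructed-sample")
    yield view_root
  end
end

# Runs both lookups against a legitimate name and a traversal payload.
# Three ".." hops climb from app/views/pages to the tmpdir root.
def demo
  with_fixture do |view_root|
    evil   = "../../../secrets.yml" # what an attacker puts in params[:page]
    leaked = unsafe_find_template(view_root, "pages", evil)
    {
      legit_unsafe:       File.basename(unsafe_find_template(view_root, "pages", "about").to_s),
      leaked_content:     leaked && File.read(leaked),
      leaked_inside_root: leaked && inside_root?(view_root, leaked),
      legit_safe:         File.basename(safe_find_template(view_root, "pages", "about").to_s),
      evil_safe:          safe_find_template(view_root, "pages", evil),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

The allowlist is the fix Rails applications actually needed: never hand user input to `render` as a template name. The realpath containment check is defence in depth for code paths that must accept a filename at all; note that checking the string for `..` before resolution is not equivalent, since symlinks under the view root can escape it too.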

Affected packages

Platform | Package | Status | Advisory | Release date
CloudForms Management Engine 5.2 | ruby193-rubygem-actionpack | Will not fix | - | -
CloudForms Management Engine 5.3 | ruby193-rubygem-actionpack | Will not fix | - | -
Red Hat Subscription Asset Manager | ruby193-rubygem-actionpack | Will not fix | - | -
Red Hat Subscription Asset Manager | rubygem-actionpack | Will not fix | - | -
Red Hat Software Collections for Red Hat Enterprise Linux 6 | ror40-rubygem-actionpack | Fixed | RHSA-2016:0454 | 15 Mar 2016
Red Hat Software Collections for Red Hat Enterprise Linux 6 | ror40-rubygem-activerecord | Fixed | RHSA-2016:0454 | 15 Mar 2016
Red Hat Software Collections for Red Hat Enterprise Linux 6 | ror40-rubygem-activesupport | Fixed | RHSA-2016:0454 | 15 Mar 2016
Red Hat Software Collections for Red Hat Enterprise Linux 6 | ruby193-rubygem-actionpack | Fixed | RHSA-2016:0455 | 15 Mar 2016
Red Hat Software Collections for Red Hat Enterprise Linux 6 | ruby193-rubygem-activerecord | Fixed | RHSA-2016:0455 | 15 Mar 2016
Red Hat Software Collections for Red Hat Enterprise Linux 6 | ruby193-rubygem-activesupport | Fixed | RHSA-2016:0455 | 15 Mar 2016


Additional information

Status: Important
Weakness: CWE-22
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1310043 (rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix)

EPSS: 0.02343 (percentile 85%), Low
CVSS2: 6.8 (Medium)

Related vulnerabilities

ubuntu (CVSS3: 5.3, almost 10 years ago): Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.

nvd (CVSS3: 5.3, almost 10 years ago): same text as the ubuntu entry above.

debian (CVSS3: 5.3, almost 10 years ago): Directory traversal vulnerability in Action View in Ruby on Rails befo ...

github (CVSS3: 5.3, more than 8 years ago): actionview contains Path Traversal vulnerability

suse-cvrf (almost 10 years ago): Security update for rubygem-actionpack-3_2
