CVE-2019-5418

Published: 13 Mar 2019
Source: redhat
CVSS3: 8.1
EPSS: Critical

Description

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain access to the proper files. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Report

This issue did affect the versions of rh-ror42-rubygem-actionpack and rh-ror50-rubygem-actionpack as shipped with Red Hat Software Collections.

Additional information

Status:

Important
Weakness:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1689159
rubygem-actionpack: render file directory traversal in Action View

EPSS

Percentile: 100%
0.94336
Critical

8.1 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 7 years ago

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

CVSS3: 7.5
nvd
almost 7 years ago

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

CVSS3: 7.5
debian
almost 7 years ago

There is a File Content Disclosure vulnerability in Action View <5.2.2 ...

CVSS3: 7.5
github
almost 7 years ago

Path Traversal in Action View

CVSS3: 7.5
fstec
almost 7 years ago

Vulnerability in the Action View component of the Ruby on Rails framework that allows an attacker to read arbitrary files
