Description: Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Impact: An attacker can obtain sensitive information from the target and use that information to carry out malicious actions for profit.

Affected OS: Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS, Others

Reference: SecurityFocus BID: 81801, SecurityTracker ID: 1034816, ExploitDB: 40561