⚠ Actively exploited

Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions..

CVE-2016-0752 — Path Traversal in Rails

CWE-22 — Path Traversal19 documents11 sources

Severity

7.5HIGHNVD

EPSS

91.1%

top 0.36%

CISA KEV

KEV

Added 2022-03-25

Due 2022-04-15

Exploit

Exploited in wild

Active exploitation observed

Affected products

Rubyonrails Rails Actionpack Project Actionpack Rails Actionview +5 more

Timeline

PublishedFeb 16

KEV addedMar 25

KEV dueApr 15

CISA Required Action: Apply updates per vendor instructions.

Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

▶RubyGemsrails/actionview4.0.0 — 4.1.14.1+3

▶NVDrubyonrails/rails4.0.0 — 4.1.14.1+3

▶Debianrubyonrails/rails< 2:4.2.5.1-1+3

▶RubyGemsactionpack_project/actionpack4.0.0 — 4.1.14.1+2

▶NVDopensuse/leap42.1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

OSV

Moderate severity vulnerability that affects actionview↗2018-08-13

▶

GHSA

Moderate severity vulnerability that affects actionview↗2018-08-13

▶

OSV

Directory traversal vulnerability in Action View in Ruby on Rails↗2017-10-24

▶

GHSA

Directory traversal vulnerability in Action View in Ruby on Rails↗2017-10-24

▶

GHSA

actionview contains Path Traversal vulnerability↗2017-10-24

▶

💥Exploits & PoCs

Exploit-DB

Ruby on Rails - Dynamic Render File Upload / Remote Code Execution (Metasploit)↗2016-10-17

▶

📋Vendor Advisories

CISA

Ruby on Rails Directory Traversal Vulnerability↗2022-03-25

▶

Red Hat

rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix↗2016-02-29

▶

Red Hat

rubygem-actionpack: directory traversal flaw in Action View↗2016-01-25

▶

Debian

CVE-2016-0752: rails - Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22....↗2016

▶

💬Community

HackerOne

Regarding [CVE-2016-0752] Possible Information Leak Vulnerability in Action View↗2016-03-01

▶

Bugzilla

CVE-2016-2097 rubygem-actionview, rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix↗2016-02-19

▶

HackerOne

Explicit, dynamic render path: Dir. Trav + RCE↗2016-02-12

▶

Bugzilla

CVE-2016-0752 rubygem-actionpack: directory traversal flaw in Action View↗2016-01-26

▶

Bugzilla

CVE-2016-0752 rubygem-actionview: Possible Information Leak Vulnerability in Action View [fedora-all]↗2016-01-26

▶