CVE-2016-2097

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2097.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-2097

Aliases

GHSA-vx9j-46rh-fqr8

Related

Published

2016-04-07T23:59:05Z

Modified

2024-09-11T03:43:24.713303Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.

References

Affected packages

Debian:11 / rails

Package

Name: rails
Purl: pkg:deb/debian/rails?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.2.5.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rails

Package

Name: rails
Purl: pkg:deb/debian/rails?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.2.5.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rails

Package

Name: rails
Purl: pkg:deb/debian/rails?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.2.5.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/rails/rails

Affected ranges

Type: GIT
Repo: https://github.com/rails/rails
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0690f6f3a47b8fddf60ac57da006f0b8bfa22e32

Last affected

15ac2f0b6b2702f180707f480eb966a4e3b96e25

Last affected

1f6113c6a9f1f2f8e362b0e7702afac5d8cf98db

Last affected

254e8e2c97b5df1dafd54cf8f305f7bad05f4a63

Last affected

276b72c60342eb716e7457b447bce1e352780e92

Last affected

2abe4b032d080f7177c6f2e34c9124c468e8a293

Last affected

31e922996b97b7c223ebc1e26d1a1a2764bb0a62

Last affected

375d9a0a7fb329b0fbbd75a13e93e53a00520587

Last affected

4e168015cef61207981d2427d4dbb6cf15f71182

Last affected

5505c1d700f17e2009e1189a7aa6dafafe7062a4

Last affected

6fe2572af11dc42f33d4f0e33a22391a85f2a1d2

Last affected

7b8e4f82717fcb944eb7e712050b223bd47b544e

Last affected

7c4bfe1c954ef90acf4f790e46fcbbd07d85af3e

Last affected

98d06c6bd4eefeeb342d05116fccefa11875cb9b

Last affected

9bb76261d39b59e7e229c80d052ca91a65ff17be

Last affected

b32babc4b0ff8f830933f25375ce9dbfbb356601

Last affected

b792566f3ebdd0c7dc688db7a4076d1c2c74f69f

Last affected

dfa7a76de8c1f7af0ef28119f9ac3072057c665e

Last affected

f17b04a23e7c597876cb2320ef9d525537e0b0a8

Affected versions

v0.*

v0.10.0

v0.10.1

v0.11.0

v0.11.1

v0.12.0

v0.13.0

v0.13.1

v0.14.1

v0.14.3

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.4.1

v0.9.5

v1.*

v1.1.0

v1.1.0_RC1

v1.1.1

v2.*

v2.0.0

v2.0.0_PR

v2.0.0_RC1

v2.0.0_RC2

v2.0.1

v2.1.0

v2.1.0_RC1

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.3.2.1

v3.*

v3.0.0.beta.2

v3.0.0.beta.3

v3.0.0.beta1

v3.0.0.beta2

v3.0.0.beta3

v3.0.0.beta4

v3.0.0_RC

v3.1.0.beta1

v3.1.0.rc1

v3.2.0.rc1

v4.*

v4.0.0.beta1

v4.0.0.rc1

v4.0.1

v4.0.1.rc1

v4.0.1.rc2

v4.0.1.rc3

v4.0.1.rc4

v4.0.2

v4.0.3

v4.0.4

v4.0.4.rc1

v4.0.5

v4.1.0

v4.1.0.beta1

v4.1.0.beta2

v4.1.0.rc1

v4.1.0.rc2

v4.1.1

v4.1.2

v4.1.2.rc1

v4.1.2.rc2

v4.1.2.rc3