CVE-2019-5418

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-5418

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5418.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-5418

Aliases

GHSA-86g5-2wh3-gc9j

Related

Published

2019-03-27T14:29:01Z

Modified

2024-09-11T04:31:15.952662Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

References

Affected packages

Debian:11 / rails

Package

Name: rails
Purl: pkg:deb/debian/rails?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:5.2.2.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rails

Package

Name: rails
Purl: pkg:deb/debian/rails?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:5.2.2.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rails

Package

Name: rails
Purl: pkg:deb/debian/rails?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:5.2.2.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/rails/rails

Affected ranges

Type: GIT
Repo: https://github.com/rails/rails
Events: Introduced

2efddadd6cba4e2129acedf1d402d11abcc03996

Fixed

c4d3e202e10ae627b3b9c34498afb45450652421

Affected versions

v5.*

v5.0.0

v5.0.0.1

v5.0.1

v5.0.1.rc1

v5.0.1.rc2

v5.0.2

v5.0.2.rc1

v5.0.3

v5.0.4

v5.0.4.rc1

v5.0.5

v5.0.5.rc1

v5.0.5.rc2

v5.0.6

v5.0.7

v5.0.7.1