CVE-2019-5418
- Source
- https://cve.org/CVERecord?id=CVE-2019-5418
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5418.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-5418
- Aliases
- Downstream
- Related
- Published
- 2019-03-27T14:29:01.533Z
- Modified
- 2026-02-03T07:05:16.994699Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
- References
-
- http://www.openwall.com/lists/oss-security/2019/03/22/1
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
- http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
- http://www.openwall.com/lists/oss-security/2019/03/22/1
- https://access.redhat.com/errata/RHSA-2019:0796
- https://access.redhat.com/errata/RHSA-2019:1147
- https://access.redhat.com/errata/RHSA-2019:1149
- https://access.redhat.com/errata/RHSA-2019:1289
- https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
- https://www.exploit-db.com/exploits/46585/
- https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
- https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q
- http://www.openwall.com/lists/oss-security/2019/03/22/1
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
- https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
- http://www.openwall.com/lists/oss-security/2019/03/22/1
- https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
- http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
- https://www.exploit-db.com/exploits/46585/
Affected packages
Git / github.com/rails/rails
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rails/rails
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
v5.*
v5.0.0
v5.0.0.1
v5.0.1
v5.0.1.rc1
v5.0.1.rc2
v5.0.2
v5.0.2.rc1
v5.0.3
v5.0.4
v5.0.4.rc1
v5.0.5
v5.0.5.rc1
v5.0.5.rc2
v5.0.6
v5.0.7
v5.0.7.1
v5.1.0
v5.1.1
v5.1.2
v5.1.2.rc1
v5.1.3
v5.1.3.rc1
v5.1.3.rc2
v5.1.3.rc3
v5.1.4
v5.1.4.rc1
v5.1.5
v5.1.5.rc1
v5.1.6
v5.1.6.1
v5.2.0
v5.2.1
v5.2.1.1
v5.2.1.rc1
v5.2.2
v5.2.2.rc1