Ruby on Rails: CVE-2019-5418: Improper Limitation of a Pathname to a Restricted Directory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Mar 27, 2019 | Jan 3, 2020 | May 6, 2026 |
Description
There is a File Content Disclosure vulnerability in Action View less than 5.2.2.1, less than 5.1.6.2, less than 5.0.7.2, less than 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Solution
ruby-on-rails-upgrade-latest
References