← back
CVE-2016-0752

CVE-2016-0752

CVSS 7.5 HIGHEPSS 95.5%● KEVCWE-22
In short

A flaw in Ruby on Rails allows attackers to read files they shouldn't access by using special path tricks (like ".." in filenames) when the application renders templates. This happens when developers don't properly restrict what files can be displayed.

Technical detail

Directory traversal vulnerability in Rails Action View via improper path validation in the render method. Attackers can bypass pathname restrictions using dot-dot sequences to traverse the filesystem and access arbitrary files. Affects Rails 3.2.x, 4.0.x, 4.1.x, 4.2.x, and 5.x before specific patch versions.

Summary generated and translated by AI from the official description.
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
public PoCs found4
githubgithub.com/forced-request/rails-rce-cve-2016-075210githubgithub.com/dachidahu/CVE-2016-07520cve_referencewww.exploit-db.com/exploits/40561/unverifiedexploitdbwww.exploit-db.com/exploits/40561unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00034.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00043.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0296.htmlhttps://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752https://www.exploit-db.com/exploits/40561/http://www.debian.org/security/2016/dsa-3464http://www.openwall.com/lists/oss-security/2016/01/25/13http://www.securityfocus.com/bid/81801