CVE-2016-2097

medium

Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.

References

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

http://www.securitytracker.com/id/1035122

http://www.securityfocus.com/bid/83726

http://www.debian.org/security/2016/dsa-3509

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

Details

Source: Mitre, NVD

Published: 2016-04-07

Updated: 2019-08-08

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium