|Number of vulnerabilities||1|
|CVE ID||CVE-2016-0752|
|CWE ID||CWE-22|
|Public exploit||Not available|
Ruby on Rails
|Vulnerable software versions||Ruby on Rails 3.2.0, Ruby on Rails 3.2.0.rc1, Ruby on Rails 3.2.0.rc2|
The vulnerability allows a remote attacker to read arbitrary files on the system.
The vulnerability exists due to improper input validation in Action View. A remote attacker can send a specially crafted request containing directory traversal sequences (e.g. "../") and view the contents of arbitrary files on the vulnerable system.
Update to version 220.127.116.11, 18.104.22.168 or 22.214.171.124.