|Number of vulnerabilities||1|
|CVE ID||CVE-2016-0752|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Ruby on Rails
|Vulnerable software versions||Ruby on Rails 3.2.0, Ruby on Rails 3.2.0.rc1, Ruby on Rails 3.2.0.rc2|
The vulnerability allows a remote attacker to read arbitrary files on the system.
The vulnerability exists due to improper input validation in Action View. A remote attacker can send a specially crafted request containing directory traversal sequences (e.g. "../") and view the contents of arbitrary files on the vulnerable system.
Update to version 188.8.131.52, 184.108.40.206 or 220.127.116.11.
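A defensive sketch of the input validation the description says is missing, given here as an added example (it is not Rails code and not part of the advisory). It assumes an application that picks a view file from a request-supplied name; `ALLOWED_TEMPLATES`, `inside_root?`, `resolve_template` and all sample paths are hypothetical and constructed for the demonstration.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Hypothetical allowlist: the only view names this application will render.
ALLOWED_TEMPLATES = %w[dashboard profile help/faq].freeze

# Lexical containment check: true only if `requested` stays under `views_root`
# after "." and ".." segments are collapsed. Absolute paths are rejected too.
def inside_root?(views_root, requested)
  return false unless requested.is_a?(String) && !requested.include?("\0")
  root = Pathname.new(views_root).cleanpath
  full = root.join(requested).cleanpath
  # The trailing separator stops "/views_evil" from passing as "/views".
  full.to_s.start_with?(root.to_s + File::SEPARATOR)
end

# Returns the absolute template path, or nil when the request must be refused.
def resolve_template(views_root, requested)
  # Check 1: exact allowlist match, so "../" sequences can never be accepted.
  return nil unless ALLOWED_TEMPLATES.include?(requested)
  # Check 2 (defence in depth): lexical containment.
  return nil unless inside_root?(views_root, requested)
  root = Pathname.new(views_root).realpath
  candidate = root.join("#{requested}.html.erb")
  return nil unless candidate.file?
  # Check 3: resolve symlinks and confirm the real file is still under the root.
  real = candidate.realpath.to_s
  real.start_with?(root.to_s + File::SEPARATOR) ? real : nil
end

# Constructed demo: a throwaway views directory and sample request values.
def demo
  Dir.mktmpdir do |tmp|
    views = File.join(tmp, "app", "views")
    FileUtils.mkdir_p(File.join(views, "help"))
    %w[dashboard help/faq].each { |t| File.write(File.join(views, "#{t}.html.erb"), "<p>ok</p>") }
    File.write(File.join(tmp, "secret.txt"), "constructed secret")
    ["dashboard", "help/faq", "../../secret.txt", "/etc/passwd", "profile"].map do |req|
      [req, !resolve_template(views, req).nil?, inside_root?(views, req)]
    end
  end
end

demo.each { |req, served, ok| puts format("%-18s served=%-5s contained=%s", req, served, ok) } if $PROGRAM_NAME == __FILE__
```

The allowlist is the primary control; the containment checks matter for code paths where a fixed list of names is not practical.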