Vulnerability identifier: #VU8568
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: Yes
The vulnerability allows a remote attacker to read arbitrary files on the system.
The vulnerability exists due to improper input validation in Action View. A remote attacker can send a specially crafted request, containing directory traversal sequences (e.g. "../") and view contents of arbitrary file on vulnerable system.
Update to version 184.108.40.206, 220.127.116.11 or 18.104.22.168.
Vulnerable software versions
Ruby on Rails: 3.2.0 - 4.2.5 rc2
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?