CVE-2019-5418

Published: Mar 27, 2019

Modified: Oct 21, 2025

PUBLISHED

Description

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Vendor	Product	Versions
Rails	https://github.com/rails/rails	affected `5.2.2.1` affected `5.1.6.2` affected `5.0.7.2` affected `4.2.11.1`

Weaknesses (CWE)

CWE-22

References

46585

exploit

x_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html

x_refsource_MISC

[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View

mailing-list

x_refsource_MLIST

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

x_refsource_CONFIRM

https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q

x_refsource_CONFIRM

[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update

mailing-list

x_refsource_MLIST

RHSA-2019:0796

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2019:1344

vendor-advisory

x_refsource_SUSE

FEDORA-2019-1cfe24db5c

vendor-advisory

x_refsource_FEDORA

RHSA-2019:1149

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1147

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1289

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-5418

Description

Affected Products

Weaknesses (CWE)

References