cnvd - cnvd-2019-07446

cnvd-2019-07446

Vulnerability from cnvd

Title: Ruby on Rails任意文件读取漏洞

Description:

Ruby on Rails是一套使用Ruby开发的，非常有生产力、维护性高、容易布署的 Web 开发框架，是全世界 Web 应用程式开发的首选框架之一。

Ruby on Rails存在任意文件读取漏洞，漏洞源于使用render渲染文件内容却未能指定接受格式，攻击者可利用该漏洞渲染服务器上的任意文件，造成文件内容泄漏。

Severity: 中

Patch Name: Ruby on Rails任意文件读取漏洞的补丁

Patch Description:

Ruby on Rails是一套使用Ruby开发的，非常有生产力、维护性高、容易布署的 Web 开发框架，是全世界 Web 应用程式开发的首选框架之一。

Ruby on Rails存在任意文件读取漏洞，漏洞源于使用render渲染文件内容却未能指定接受格式，攻击者可利用该漏洞渲染服务器上的任意文件，造成文件内容泄漏。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://rubyonrails.org/

Reference: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e267 https://www.seebug.org/vuldb/ssvid-97864

Impacted products

Name
['Ruby on Rails Ruby on Rails <6.0.0.beta3', 'Ruby on Rails Ruby on Rails <5.2.2.1', 'Ruby on Rails Ruby on Rails <5.1.6.2', 'Ruby on Rails Ruby on Rails <5.0.7.2', 'Ruby on Rails Ruby on Rails <4.2.11.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5418"
    }
  },
  "description": "Ruby on Rails\u662f\u4e00\u5957\u4f7f\u7528Ruby\u5f00\u53d1\u7684\uff0c\u975e\u5e38\u6709\u751f\u4ea7\u529b\u3001\u7ef4\u62a4\u6027\u9ad8\u3001\u5bb9\u6613\u5e03\u7f72\u7684\nWeb \u5f00\u53d1\u6846\u67b6\uff0c\u662f\u5168\u4e16\u754c Web \u5e94\u7528\u7a0b\u5f0f\u5f00\u53d1\u7684\u9996\u9009\u6846\u67b6\u4e4b\u4e00\u3002\n\nRuby on Rails\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528render\u6e32\u67d3\u6587\u4ef6\u5185\u5bb9\u5374\u672a\u80fd\u6307\u5b9a\u63a5\u53d7\u683c\u5f0f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6e32\u67d3\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\uff0c\u9020\u6210\u6587\u4ef6\u5185\u5bb9\u6cc4\u6f0f\u3002",
  "discovererName": "Aaron Patterson",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://rubyonrails.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-07446",
  "openTime": "2019-03-19",
  "patchDescription": "Ruby on Rails\u662f\u4e00\u5957\u4f7f\u7528Ruby\u5f00\u53d1\u7684\uff0c\u975e\u5e38\u6709\u751f\u4ea7\u529b\u3001\u7ef4\u62a4\u6027\u9ad8\u3001\u5bb9\u6613\u5e03\u7f72\u7684\r\nWeb \u5f00\u53d1\u6846\u67b6\uff0c\u662f\u5168\u4e16\u754c Web \u5e94\u7528\u7a0b\u5f0f\u5f00\u53d1\u7684\u9996\u9009\u6846\u67b6\u4e4b\u4e00\u3002\r\n\r\nRuby on Rails\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528render\u6e32\u67d3\u6587\u4ef6\u5185\u5bb9\u5374\u672a\u80fd\u6307\u5b9a\u63a5\u53d7\u683c\u5f0f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6e32\u67d3\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\uff0c\u9020\u6210\u6587\u4ef6\u5185\u5bb9\u6cc4\u6f0f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ruby on Rails\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Ruby on Rails Ruby on Rails \u003c6.0.0.beta3",
      "Ruby on Rails Ruby on Rails \u003c5.2.2.1",
      "Ruby on Rails Ruby on Rails \u003c5.1.6.2",
      "Ruby on Rails Ruby on Rails \u003c5.0.7.2",
      "Ruby on Rails Ruby on Rails \u003c4.2.11.1"
    ]
  },
  "referenceLink": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q\r\nhttps://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e267\r\nhttps://www.seebug.org/vuldb/ssvid-97864",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-19",
  "title": "Ruby on Rails\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}

CVE-2019-5418 (GCVE-0-2019-5418)

Vulnerability from cvelistv5

Published

2019-03-27 13:38

Modified

2025-07-30 01:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Path Traversal ()

Summary

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

References

▼	URL	Tags
	https://www.exploit-db.com/exploits/46585/	exploit, x_refsource_EXPLOIT-DB
	http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/03/22/1	mailing-list, x_refsource_MLIST
	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/	x_refsource_CONFIRM
	https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:0796	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2019:1149	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1147	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1289	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	Rails	https://github.com/rails/rails	Version: 5.2.2.1 Version: 5.1.6.2 Version: 5.0.7.2 Version: 4.2.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:53.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46585",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46585/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html"
          },
          {
            "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q"
          },
          {
            "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
          },
          {
            "name": "RHSA-2019:0796",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0796"
          },
          {
            "name": "openSUSE-SU-2019:1344",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
          },
          {
            "name": "FEDORA-2019-1cfe24db5c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
          },
          {
            "name": "RHSA-2019:1149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1149"
          },
          {
            "name": "RHSA-2019:1147",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1147"
          },
          {
            "name": "RHSA-2019:1289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1289"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-5418",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T03:55:43.688900Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-07-07",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:46:06.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-07-07T00:00:00+00:00",
            "value": "CVE-2019-5418 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "Rails",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.2.1"
            },
            {
              "status": "affected",
              "version": "5.1.6.2"
            },
            {
              "status": "affected",
              "version": "5.0.7.2"
            },
            {
              "status": "affected",
              "version": "4.2.11.1"
            }
          ]
        }
      ],
      "datePublic": "2019-03-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a File Content Disclosure vulnerability in Action View \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system\u0027s filesystem to be exposed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Path Traversal (CWE-22)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-11T18:33:30.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "name": "46585",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46585/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html"
        },
        {
          "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q"
        },
        {
          "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
        },
        {
          "name": "RHSA-2019:0796",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0796"
        },
        {
          "name": "openSUSE-SU-2019:1344",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
        },
        {
          "name": "FEDORA-2019-1cfe24db5c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
        },
        {
          "name": "RHSA-2019:1149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1149"
        },
        {
          "name": "RHSA-2019:1147",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1147"
        },
        {
          "name": "RHSA-2019:1289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1289"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2019-5418",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.2.1"
                          },
                          {
                            "version_value": "5.1.6.2"
                          },
                          {
                            "version_value": "5.0.7.2"
                          },
                          {
                            "version_value": "4.2.11.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rails"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a File Content Disclosure vulnerability in Action View \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system\u0027s filesystem to be exposed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal (CWE-22)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46585",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46585/"
            },
            {
              "name": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html"
            },
            {
              "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
            },
            {
              "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",
              "refsource": "CONFIRM",
              "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
            },
            {
              "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q"
            },
            {
              "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
            },
            {
              "name": "RHSA-2019:0796",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0796"
            },
            {
              "name": "openSUSE-SU-2019:1344",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
            },
            {
              "name": "FEDORA-2019-1cfe24db5c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
            },
            {
              "name": "RHSA-2019:1149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1149"
            },
            {
              "name": "RHSA-2019:1147",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1147"
            },
            {
              "name": "RHSA-2019:1289",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1289"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2019-5418",
    "datePublished": "2019-03-27T13:38:58.000Z",
    "dateReserved": "2019-01-04T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:46:06.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted