Attack: Ruby On Rails CVE-2016-0752

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.

Additional Information

Ruby on Rails Action View is a component of Action Pack.

Ruby on Rails Action View is prone to a directory-traversal vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'render' method in the controller.
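
A defensive sketch of the sanitization the 'render' call lacks, as an added example that is not Symantec's or the Rails project's code. It runs without Rails; VIEW_ROOT, ALLOWED_VIEWS, UnsafeView, inside_view_root?, safe_view and the params[:view] parameter are hypothetical names, and the paths are constructed.

```ruby
# Added example: hypothetical names and constructed paths; plain Ruby, no Rails.
VIEW_ROOT = "/srv/app/app/views".freeze                     # constructed view directory
ALLOWED_VIEWS = %w[reports/summary reports/detail].freeze   # constructed allowlist

class UnsafeView < StandardError; end

# Containment check: expand the candidate against VIEW_ROOT (this collapses
# any '../' segments and honours absolute paths) and require the result to
# stay under the root. The trailing separator stops sibling directories such
# as "/srv/app/app/views_old" from passing a bare prefix match.
def inside_view_root?(candidate)
  full = File.expand_path(candidate.to_s, VIEW_ROOT)
  full.start_with?(VIEW_ROOT + File::SEPARATOR)
end

# Returns the view name a controller may pass to render, or raises UnsafeView.
def safe_view(param)
  name = param.to_s
  # File.expand_path raises on a null byte, so reject it explicitly first.
  raise UnsafeView, "null byte in view name" if name.include?("\0")
  raise UnsafeView, "path escapes view root" unless inside_view_root?(name)
  raise UnsafeView, "view not in allowlist" unless ALLOWED_VIEWS.include?(name)
  name
end

# In a controller the two forms would look like this (assumed usage):
#   render params[:view]             # user input chooses the file
#   render safe_view(params[:view])  # only allowlisted views are reachable
```

The allowlist is the primary control; the containment check is defence in depth for applications whose view names cannot be enumerated in advance.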

Affected

  • Multiple versions of Ruby On Rails