CVE-2016-0752

Known Exploited (CISA KEV)HIGH

7.5

CVSS Severity Score

EPSS Score28.6600%

EPSS Percentile89.59th

PublishedFeb 16, 2016

Last ModifiedApr 22, 2026

Vulnerability Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Affected Platforms (CPE)

📦

Rubyonrails

Rails

< 3.2.22.1

📦

Rubyonrails

Rails

>= 4.0.0 and < 4.1.14.1

📦

Rubyonrails

Rails

>= 4.2.0 and < 4.2.5.1

📦

Rubyonrails

Rails

= 5.0.0

💻

Opensuse

Leap

= 42.1

💻

Opensuse

= 13.2

💻

Suse

Linux Enterprise Module For Containers

= 12

💻

Debian

Debian Linux

= 8.0

📦

Redhat

Software Collections

= 1.0

References & Advisories

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

🔗 http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

🔗 http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

🔗 http://rhn.redhat.com/errata/RHSA-2016-0296.html

🔗 http://www.debian.org/security/2016/dsa-3464

🔗 http://www.openwall.com/lists/oss-security/2016/01/25/13

Vulnerability Description

Affected Platforms (CPE)

Rails

Rails

Rails

Rails

Leap

Opensuse

Linux Enterprise Module For Containers

Debian Linux

Software Collections

References & Advisories

Related Vulnerabilities