
CVE-2016-0752

Known Exploited (CISA KEV)
Severity: HIGH
CVSS Severity Score: 7.5
EPSS Score: 28.6600%
EPSS Percentile: 89.59th
Published: February 16, 2016
Last Modified: April 22, 2026

Vulnerability Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Affected Platforms (CPE)

Rubyonrails Rails: < 3.2.22.1
Rubyonrails Rails: >= 4.0.0 and < 4.1.14.1
Rubyonrails Rails: >= 4.2.0 and < 4.2.5.1
Rubyonrails Rails: = 5.0.0
Opensuse Leap: = 42.1
Opensuse Opensuse: = 13.2
Suse Linux Enterprise Module For Containers: = 12
Debian Debian Linux: = 8.0
Redhat Software Collections: = 1.0

References & Advisories
