Vulnerability — CVE-2016-0752

CVE-2016-0752

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2016-0752
Description:: Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Last updated date:: 07/16/2024

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 03/25/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/26/2016
Reference url to background: https://github.com/forced-request/rails-rce-cve-2016-0752

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/02/2020
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_dynamic_render_code_exec.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/16/2024
Reference url to background: http://www.openwall.com/lists/oss-security/2016/01/25/13