CVE-2016-2097

MEDIUM

Rails < 3.2.22.1 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.

References (8)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

[Patch, Vendor Advisory] http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035122

[Mailing List] https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/83726

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3509

Scores

CVSS v3 5.3

EPSS 0.0191

EPSS Percentile 83.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-22

Status draft

Affected Products (50)

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

rubyonrails/rails

... and 35 more

Timeline

Published Apr 07, 2016

Tracked Since Feb 18, 2026