[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"vulnerability-4085":17,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":49},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},{"id":18,"detectable_with":19,"vuln_details":26,"vuln_id":46,"name":47,"published":48,"updated":27},4085,{"tool":20,"engine":23},{"id":21,"name":22},1,"Network Scanner",{"id":24,"name":25},3,"OpenVAS",{"id":18,"codename":27,"description":27,"severity":28,"risk_description":29,"public_description":30,"public_recommendation":31,"recommendation":27,"references":32,"cvssv3":38,"epss_score":39,"epss_percentile":40,"cve":41,"in_cisa_catalog":44,"date":45,"software_type":27,"vendor":27,"product":27,"ptt_exploit_capabilities":27},null,"high","There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents. The impact is limited to calls to render which render file contents without a specified accept format. Impacted code in a controller looks something like this: class UserController \u003C ApplicationController def index render file: \"#{Rails.root}/some/file\" end end Rendering templates as opposed to files is not impacted by this vulnerability. 
An attacker might be able to read any file on the file system of the host system.","The web application on the remote host is prone to an LFI (Local File Inclusion) vulnerability if the hosting system is running an outdated version of Ruby on Rails.","Update the Ruby on Rails version to 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2 or 4.2.11.1 or later. If this is not possible, mitigation steps for updating the affected code path of the application are provided in the references.",[33,34,35,36,37],"https://www.cisa.gov/known-exploited-vulnerabilities-catalog","https://www.openwall.com/lists/oss-security/2019/03/13/5","https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q","https://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91File-Content-Disclosure-on-Rails/","https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715",7.5,0.94318,0.9995,[42,43],"CVE-2019-5418","CVE-2019-5419",true,"2019-03-27T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.108562","Ruby on Rails CVE-2019-5418 LFI (Local File Inclusion) Vulnerability","2019-03-17T00:00:00Z",["Island",50],{"key":51,"params":52,"result":54},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":53},"{\"text-color\":\"gray\"}",{"head":55},{}]