[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-17605":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":53,"name":54,"published":55,"updated":34},17605,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},3,"OpenVAS",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":45,"epss_score":46,"epss_percentile":47,"cve":48,"in_cisa_catalog":52,"date":34,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"high","Multiple flaws are due to: - Directory traversal vulnerability in Action View. - The script actionpack/lib/action_dispatch/http/mime_type.rb does not properly restrict use of the MIME type cache. - The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb does not use a constant-time algorithm for verifying credentials. Successful exploitation will allow a remote attacker to read arbitrary files by leveraging an applications unrestricted use of the render method, to cause a denial of service.","Ruby on Rails is prone to multiple vulnerabilities.","Update to version 3.2.22.1, 4.1.14.1, 4.2.5.1 or later.",[40,41,42,43,44],"https://www.cisa.gov/known-exploited-vulnerabilities-catalog","http://www.openwall.com/lists/oss-security/2016/01/25/10","http://www.securityfocus.com/bid/81801","http://www.securityfocus.com/bid/81800","http://www.securityfocus.com/bid/81803",7.5,0.91051,0.99637,[49,50,51],"CVE-2016-0752","CVE-2016-0751","CVE-2015-7576",true,"NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.809356","Ruby on Rails Multiple Vulnerabilities (Jan 2016) - Windows","2018-01-02T00:00:00Z"]