CISA KEV Information
| Vulnerability name | Ruby on Rails Directory Traversal Vulnerability |
|---|---|
| Description | Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-22 |
| Date added (KEV) | 2022-03-25 |
| Due date | 2022-04-15 |
| Additional reference | https://nvd.nist.gov/vuln/detail/CVE-2016-0752 |
NVD Details
CVSS v3.1: 7.5 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Description: Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
CWE: CWE-22
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html [Permissions Required]
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html [Permissions Required]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html [Mailing List, Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-0296.html [Third Party Advisory]
- http://www.debian.org/security/2016/dsa-3464 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2016/01/25/13 [Exploit, Mailing List]
- http://www.securityfocus.com/bid/81801 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1034816 [Broken Link, Third Party Advisory, VDB Entry]
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ [Broken Link]
- https://www.exploit-db.com/exploits/40561/ [Exploit, Third Party Advisory, VDB Entry]
- ... and 10 more
This product uses the NVD API but is not endorsed or certified by the NVD.