Moderate severity vulnerability that affects actionview

Withdrawn, accidental duplicate publish.

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Published: Sep 17, 2018
Updated: Apr 14, 2023
GHSA: GHSA-6834-r92f-jj42
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
actionview	4.1.0	4.1.14.1
actionview	4.2.0	4.2.5.1

No references available.

Vulnerability Database

289,784

Moderate severity vulnerability that affects actionview