CVE-2016-0752 (GCVE-0-2016-0752)
Vulnerability from cvelistv5 – Published: 2016-02-16 02:00 – Updated: 2025-10-21 23:55
VLAI
CISA KEV
Summary
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40561/ | exploitx_refsource_EXPLOIT-DB |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2016/0… | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/81801 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1034816 | vdb-entryx_refsource_SECTRACK |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://groups.google.com/forum/message/raw?msg=r… | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2016/dsa-3464 | vendor-advisoryx_refsource_DEBIAN |
| http://rhn.redhat.com/errata/RHSA-2016-0296.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2016-01-25 00:00
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 135b1fd5-4775-4f0d-9964-6f458281d32a
Exploited: Yes
Timestamps
First Seen: 2022-03-25
Asserted: 2022-03-25
Scope
Notes: KEV entry: Ruby on Rails Directory Traversal Vulnerability | Affected: Rails / Ruby on Rails | Description: Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0752
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-22 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Ruby on Rails |
| Due Date | 2022-04-15 |
| Date Added | 2022-03-25 |
| Vendorproject | Rails |
| Vulnerabilityname | Ruby on Rails Directory Traversal Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:28 UTC
| Updated: 2026-02-06 07:17 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40561",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40561/"
},
{
"name": "openSUSE-SU-2016:0372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0363",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"name": "FEDORA-2016-97002ad37b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "81801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81801"
},
{
"name": "1034816",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "FEDORA-2016-fa0dec2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"name": "DSA-3464",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-0752",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:26:36.145115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:55.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-25T00:00:00.000Z",
"value": "CVE-2016-0752 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "40561",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40561/"
},
{
"name": "openSUSE-SU-2016:0372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0363",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"name": "FEDORA-2016-97002ad37b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "81801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81801"
},
{
"name": "1034816",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "FEDORA-2016-fa0dec2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"name": "DSA-3464",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40561",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40561/"
},
{
"name": "openSUSE-SU-2016:0372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0363",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"name": "FEDORA-2016-97002ad37b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "81801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81801"
},
{
"name": "1034816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "FEDORA-2016-fa0dec2360",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"name": "DSA-3464",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0752",
"datePublished": "2016-02-16T02:00:00.000Z",
"dateReserved": "2015-12-16T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:55.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2016-0752",
"cwes": "[\"CWE-22\"]",
"dateAdded": "2022-03-25",
"dueDate": "2022-04-15",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752",
"product": "Ruby on Rails",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.",
"vendorProject": "Rails",
"vulnerabilityName": "Ruby on Rails Directory Traversal Vulnerability"
},
"epss": {
"cve": "CVE-2016-0752",
"date": "2026-05-29",
"epss": "0.90494",
"percentile": "0.99626"
},
"fkie_nvd": {
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Ruby on Rails Directory Traversal Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.2.22.1\", \"matchCriteriaId\": \"E62190CB-5109-46AA-B58C-B3A11667A0AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndExcluding\": \"4.1.14.1\", \"matchCriteriaId\": \"65BD90F9-5A0C-4A1F-AB48-30FC68A3329F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2.0\", \"versionEndExcluding\": \"4.2.5.1\", \"matchCriteriaId\": \"B405A97A-7C41-4005-8E72-56F632D72B9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF8F94CF-D504-4165-A69E-3F1198CB162A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9772014-5321-4AB8-9525-A94797C993B2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D7EE4B6-A6EC-4B9B-91DF-79615796673F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en Action View en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 permite a atacantes remotos leer archivos arbitrarios aprovechando el uso no restringido del m\\u00e9todo render en una aplicaci\\u00f3n y proporcionando un .. (punto punto) en un nombre de ruta.\"}]",
"id": "CVE-2016-0752",
"lastModified": "2024-11-21T02:42:18.493",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false}]}",
"published": "2016-02-16T02:59:06.783",
"references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0296.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3464\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/01/25/13\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Mailing List\"]}, {\"url\": \"http://www.securityfocus.com/bid/81801\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1034816\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.exploit-db.com/exploits/40561/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0296.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3464\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/01/25/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\"]}, {\"url\": \"http://www.securityfocus.com/bid/81801\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1034816\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.exploit-db.com/exploits/40561/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-0752\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-02-16T02:59:06.783\",\"lastModified\":\"2026-04-22T14:36:55.247\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en Action View en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 permite a atacantes remotos leer archivos arbitrarios aprovechando el uso no restringido del m\u00e9todo render en una aplicaci\u00f3n y proporcionando un .. (punto punto) en un nombre de ruta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"cisaExploitAdd\":\"2022-03-25\",\"cisaActionDue\":\"2022-04-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Ruby on Rails Directory Traversal Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.22.1\",\"matchCriteriaId\":\"E62190CB-5109-46AA-B58C-B3A11667A0AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.1.14.1\",\"matchCriteriaId\":\"65BD90F9-5A0C-4A1F-AB48-30FC68A3329F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.5.1\",\"matchCriteriaId\":\"B405A97A-7C41-4005-8E72-56F632D72B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF8F94CF-D504-4165-A69E-3F1198CB162A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9772014-5321-4AB8-9525-A94797C993B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7EE4B6-A6EC-4B9B-91DF-79615796673F\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0296.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3464\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/01/25/13\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/81801\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034816\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.exploit-db.com/exploits/40561/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/01/25/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/81801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.exploit-db.com/exploits/40561/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/40561/\", \"name\": \"40561\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\", \"name\": \"openSUSE-SU-2016:0372\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\", \"name\": \"openSUSE-SU-2016:0363\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/01/25/13\", \"name\": \"[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\", \"name\": \"FEDORA-2016-97002ad37b\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"name\": \"SUSE-SU-2016:1146\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/81801\", \"name\": \"81801\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1034816\", \"name\": \"1034816\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\", \"name\": \"FEDORA-2016-fa0dec2360\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\", \"name\": \"[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3464\", \"name\": \"DSA-3464\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0296.html\", \"name\": \"RHSA-2016:0296\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T22:30:03.939Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2016-0752\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T13:26:36.145115Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-25T00:00:00.000Z\", \"value\": \"CVE-2016-0752 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T13:24:34.486Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2016-01-25T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/40561/\", \"name\": \"40561\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\", \"name\": \"openSUSE-SU-2016:0372\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\", \"name\": \"openSUSE-SU-2016:0363\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/01/25/13\", \"name\": \"[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\", \"name\": \"FEDORA-2016-97002ad37b\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"name\": \"SUSE-SU-2016:1146\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.securityfocus.com/bid/81801\", \"name\": \"81801\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.securitytracker.com/id/1034816\", \"name\": \"1034816\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\", \"name\": \"FEDORA-2016-fa0dec2360\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\", \"name\": \"[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3464\", \"name\": \"DSA-3464\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0296.html\", \"name\": \"RHSA-2016:0296\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2017-09-09T09:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.exploit-db.com/exploits/40561/\", \"name\": \"40561\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\", \"name\": \"openSUSE-SU-2016:0372\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\", \"name\": \"openSUSE-SU-2016:0363\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/01/25/13\", \"name\": \"[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"refsource\": \"MLIST\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\", \"name\": \"FEDORA-2016-97002ad37b\", \"refsource\": \"FEDORA\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"name\": \"SUSE-SU-2016:1146\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.securityfocus.com/bid/81801\", \"name\": \"81801\", \"refsource\": \"BID\"}, {\"url\": \"http://www.securitytracker.com/id/1034816\", \"name\": \"1034816\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\", \"name\": \"FEDORA-2016-fa0dec2360\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\", \"name\": \"[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"refsource\": \"MLIST\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3464\", \"name\": \"DSA-3464\", \"refsource\": \"DEBIAN\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0296.html\", \"name\": \"RHSA-2016:0296\", \"refsource\": \"REDHAT\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2016-0752\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2016-0752\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:55:55.440Z\", \"dateReserved\": \"2015-12-16T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2016-02-16T02:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…