Name | rails_accept_readfile |
CVE | CVE-2019-5418 |
Exploit Pack | CANVAS |
Description | Ruby on Rails Arbitrary File Read (CVE-2019-5418) |
Notes | CVE Name: CVE-2019-5418
VENDOR: Rails
NOTES: The vulnerability is in Action View and is reachable through controller actions that call `render file:` with a path built from `Rails.root`; a specially crafted Accept header sent to such an action makes Rails render an arbitrary file from the server and return its contents. In the module's text field, enter the URL path of a controller action that uses `render file:` in a way similar to the code below:

```ruby
class HelloController < ApplicationController
  def index
    render file: "#{Rails.root}/some/file"
  end
end
```

Vulnerable Rails versions (each branch is fixed in the release named):
* < 5.2.2.1
* < 5.1.6.2
* < 5.0.7.2
* < 4.2.11.1

Applications on an unpatched branch can also close the hole by forcing the response format on the affected call, as the Rails advisory suggests, e.g. `render file: "#{Rails.root}/some/file", formats: [:html]`.

Tested on:
* Ubuntu 18.10, Rails 5.2.1

Repeatability: Infinite
References: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5418
Date public: 13/03/2019 |
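As an added example (it is not CANVAS code and not code from the Rails project), two offline checks that follow from the notes above: a version test against the fixed releases listed for each branch, and a header check of the kind a Rack middleware or WAF rule could apply to spot the Accept values the advisory describes. The function names, the `FIXED_VERSIONS` table layout, the Rack-style `env` lookup and the sample headers are constructed here; the traversal sample assumes, as public reports of this bug describe, that a crafted Accept header carries a `../` filesystem path instead of a media type.

```ruby
# Added example: offline checks for CVE-2019-5418. Not CANVAS or Rails code;
# names and sample inputs are constructed for illustration.
require "rubygems" # Gem::Version ships with Ruby and compares "5.2.2.1" correctly

# Fixed release per branch, as listed in the advisory notes above.
FIXED_VERSIONS = {
  "5.2" => "5.2.2.1",
  "5.1" => "5.1.6.2",
  "5.0" => "5.0.7.2",
  "4.2" => "4.2.11.1",
}.freeze

# true  -> version is below the fix for its branch (vulnerable)
# false -> version is at or above the fix
# nil   -> branch not covered by the list above (e.g. 6.0 pre-releases, 3.x)
def vulnerable_rails?(version)
  v = Gem::Version.new(version)
  branch = v.segments.first(2).join(".")
  fixed = FIXED_VERSIONS[branch]
  return nil unless fixed
  v < Gem::Version.new(fixed)
end

# A legitimate Accept header is a comma-separated list of media ranges such
# as "text/html,application/xhtml+xml;q=0.9". An exploitation attempt for
# this bug instead carries a filesystem path, so parent-directory traversal
# ("../" or "..\") or an absolute path in the media-range position is a
# strong indicator. Null bytes never belong in Accept and are flagged too.
def crafted_accept?(header)
  return false if header.nil?
  return true if header.include?("\0")
  header.split(",").any? do |range|
    media = range.strip.split(";").first.to_s
    media.include?("../") || media.include?("..\\") || media.start_with?("/")
  end
end

# Rack-style entry point: inspect the request env the way a middleware would.
def block_request?(env)
  crafted_accept?(env["HTTP_ACCEPT"])
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample headers, not captured traffic.
  samples = {
    "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8" => false,
    "../../../../../../../../etc/passwd{{" => true,
  }
  samples.each do |h, expected|
    puts "#{crafted_accept?(h) == expected ? 'ok  ' : 'FAIL'} #{h.inspect}"
  end
  puts "Rails 5.2.1 vulnerable? #{vulnerable_rails?('5.2.1')}"   # true (the tested target above)
  puts "Rails 5.2.2.1 vulnerable? #{vulnerable_rails?('5.2.2.1')}" # false
end
```

`vulnerable_rails?` returns `nil` rather than `false` for branches the list does not name, so a caller cannot mistake "not covered by this page" for "patched"; the header check deliberately looks only at the media-range part of each entry, since parameters such as `q=0.9` are not where a path would sit.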
Learn more about the CANVAS Exploit Pack here: CANVAS |