← Back to CVEs
CVE-2016-0752
HIGHCISA KEV7.5
Description
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/16/2016
Last Modified4/22/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorRails
ProductRuby on Rails
Vulnerability NameRuby on Rails Directory Traversal Vulnerability
KEV Date Added2022-03-25
Remediation Due Date2022-04-15
Ransomware UseUnknown
Affected Products
debian:debian_linuxopensuse:leapopensuse:opensuseredhat:software_collectionsrubyonrails:railssuse:linux_enterprise_module_for_containers
Weaknesses (CWE)
CWE-22CWE-22
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(secalert@redhat.com)
http://www.debian.org/security/2016/dsa-3464(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2016/01/25/13(secalert@redhat.com)
http://www.securityfocus.com/bid/81801(secalert@redhat.com)
http://www.securitytracker.com/id/1034816(secalert@redhat.com)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(secalert@redhat.com)
https://www.exploit-db.com/exploits/40561/(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3464(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/01/25/13(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/81801(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034816(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40561/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.