CVE-2016-0752 High Severity Vulnerability detected by WhiteSource
Opened this issue · 0 comments
CVE-2016-0752 - High Severity Vulnerability
Vulnerable Library - rails-3.2.11.gem
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
path: /gems/2.3.0/cache/rails-3.2.11.gem
Library home page: http://rubygems.org/gems/rails-3.2.11.gem
Dependency Hierarchy:
- ❌ rails-3.2.11.gem (Vulnerable Library)
Vulnerability Details
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Publish Date: 2016-02-16
URL: CVE-2016-0752
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-0752
Release Date: 2016-02-16
Fix Resolution: 3.2.22.1,4.1.14.1,4.2.5.1,5.0.0.beta1.1
Step up your Open Source Security Game with WhiteSource here