CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View
Description
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| redhat | cloudforms | 4.7 |
| rubyonrails | rails | From 3.0.0 (inc) to 4.2.11.1 (exc) |
| rubyonrails | rails | From 5.0.0 (inc) to 5.0.7.2 (exc) |
| rubyonrails | rails | From 5.1.0 (inc) to 5.1.6.2 (exc) |
| rubyonrails | rails | From 5.2.0 (inc) to 5.2.2.1 (exc) |
| debian | debian_linux | 8.0 |
| opensuse | leap | 15.0 |
| fedoraproject | fedora | 30 |
| redhat | cloudforms | 4.6 |
| redhat | software_collections | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| NVD-CWE-noinfo | |
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
If the response contains contents of the specified file, the system is vulnerable. Monitoring network traffic for unusual Accept headers or unexpected file content disclosures can also help detect exploitation attempts. [2, 8]
Meta Information
CVE Publication Date: 2019-03-27
CVE Last Modified Date: 2025-10-30
Report Generation Date: 2025-11-18
AI Powered Q&A Generation: 2025-07-08
EPSS Last Evaluated Date: 2025-08-20