CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View
Description
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3, where specially crafted Accept headers can cause the contents of arbitrary files on the target system's filesystem to be exposed.
Affected Vendors & Products
Vendor | Product | Version |
---|---|---|
redhat | cloudforms | * |
rubyonrails | rails | From 3.0.0 (inc) to 4.2.11.1 (exc) |
rubyonrails | rails | From 5.0.0 (inc) to 5.0.7.2 (exc) |
rubyonrails | rails | From 5.1.0 (inc) to 5.1.6.2 (exc) |
rubyonrails | rails | From 5.2.0 (inc) to 5.2.2.1 (exc) |
debian | debian_linux | * |
opensuse | leap | * |
fedoraproject | fedora | * |
redhat | software_collections | * |
Exploitability
CWE ID | Description |
---|---|
NVD-CWE-noinfo | |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
If the response contains contents of the specified file, the system is vulnerable. Monitoring network traffic for unusual Accept headers or unexpected file content disclosures can also help detect exploitation attempts. [2, 8]
Meta Information
CVE Publication Date: 2019-03-27
CVE Last Modified Date: 2025-07-09
Report Generation Date: 2025-07-11
AI Powered Q&A Generation: 2025-07-08
EPSS Last Evaluated Date: 2025-07-07