Ruby on Rails is an MVC (model-view-controller) framework. It is a server-side framework written in Ruby and released under the MIT License.

The vulnerability is a file disclosure in Action View, part of Ruby on Rails. It has been assigned CVE-2019-5418. Technically, the `render` method can be used to view files outside of the application: specially crafted Accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
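
A defense-in-depth measure for the issue described above, as an added example that is not from the original post or from the Rails project: a Rack-style middleware that refuses any request whose Accept header is not a list of plain media ranges. The class name `StrictAcceptHeader`, the 1024-byte limit and the conservative character set are assumptions of this example, and it complements rather than replaces upgrading to a patched Rails release.

```ruby
# Added example, not Rails code: Rack-style middleware with no gem dependencies.
# Class name, length limit and character set are assumptions of this example.
class StrictAcceptHeader
  # Conservative subset of the media-type name grammar: must start with an
  # alphanumeric, so path-like values (leading dot or slash) never match.
  NAME  = /[A-Za-z0-9][A-Za-z0-9.+_-]*/
  # Unquoted parameters only, e.g. ";q=0.8" or ";charset=utf-8".
  PARAM = /[ \t]*;[ \t]*[A-Za-z0-9_-]+=[A-Za-z0-9.+_-]+/
  MEDIA_RANGE = %r{\A[ \t]*(?:\*/\*|#{NAME}/\*|#{NAME}/#{NAME})(?:#{PARAM})*[ \t]*\z}
  MAX_LENGTH = 1024

  # True when every comma-separated element is a plain media range.
  def self.well_formed?(header)
    raw = header.to_s.b                 # compare as raw bytes, nil becomes ""
    return true if raw.strip.empty?     # an absent Accept header is legal
    return false if raw.bytesize > MAX_LENGTH
    raw.split(",", -1).all? { |range| MEDIA_RANGE.match?(range) }
  end

  def initialize(app)
    @app = app
  end

  # Pass well-formed requests downstream; answer everything else with 406
  # before the Accept value can reach format negotiation or template lookup.
  def call(env)
    return @app.call(env) if self.class.well_formed?(env["HTTP_ACCEPT"])
    [406, { "content-type" => "text/plain" }, ["Not Acceptable\n"]]
  end
end

if __FILE__ == $PROGRAM_NAME
  app = StrictAcceptHeader.new(->(_env) { [200, {}, ["ok"]] })
  # Constructed sample headers: one browser-style value, one malformed value.
  ["text/html,application/xml;q=0.9,*/*;q=0.8", "text/html, /not/a/media-type"].each do |accept|
    status, = app.call("HTTP_ACCEPT" => accept)
    puts "#{accept.inspect} -> #{status}"
  end
end
```

In a Rails application the class would be registered with `config.middleware.use StrictAcceptHeader`; quoted parameter values and trailing commas are rejected by design, so check real client traffic before enforcing it.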


Proof of concept

For technical details click here

