Ruby on rails is
The vulnerability is file disclosure on Action view of Ruby. CVE-2019-5418 number has been assigned. Technically, The render method It helps to view outside of the application. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
Proof of concept
For technical details click here