Ruby on Rails is an MVC (model-view-controller) framework. It is a server-side framework written in Ruby and released under the MIT License.

The vulnerability is a file disclosure in Action View, the view layer of Ruby on Rails. It has been assigned CVE-2019-5418. Technically, the render method can be made to render files from outside the application. Specially crafted Accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
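As a defence-in-depth measure against crafted Accept headers reaching `render file:`, the following added example (not code from Rails or from the original post) rejects any Accept value that is not a well-formed list of media ranges. The class name `StrictAcceptHeader` is hypothetical, the code assumes only the Rack convention of `call(env)` with the header in `env["HTTP_ACCEPT"]`, and it does not replace upgrading Rails.

```ruby
# Added example: Rack-style middleware that drops requests whose Accept header
# is not a syntactically valid list of media ranges. Plain Ruby, no gems.
# Controller-side, the format can also be pinned explicitly, e.g.
#   render file: path, formats: [:html]
class StrictAcceptHeader
  # A type or subtype name: must start with a letter or digit, so values that
  # begin with "." or "/" (path-like input) never match.
  NAME  = /[A-Za-z0-9][A-Za-z0-9!$&#^_.+-]*/
  # Optional parameter such as ";q=0.8" or ";charset=utf-8".
  PARAM = /\s*;\s*[A-Za-z0-9_-]+=(?:[A-Za-z0-9._+-]+|"[^"\\]*")/
  # One media range: type/subtype (either may be "*") plus parameters.
  MEDIA_RANGE = %r{\A(?:\*|#{NAME})/(?:\*|#{NAME})(?:#{PARAM})*\z}

  def initialize(app)
    @app = app
  end

  # True when every comma-separated element is a well-formed media range.
  # A missing or empty header is allowed. Quoted parameter values that
  # contain commas are rejected, which fails on the safe side.
  def self.valid?(header)
    return true if header.nil? || header.strip.empty?
    header.split(",").all? { |part| MEDIA_RANGE.match?(part.strip) }
  end

  def call(env)
    if self.class.valid?(env["HTTP_ACCEPT"])
      @app.call(env)
    else
      [400, { "content-type" => "text/plain" }, ["Bad Accept header\n"]]
    end
  end
end
```

In a Rails application a middleware like this would be registered with `config.middleware.use` so that it runs before the request reaches any controller.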

Source

Proof of concept

For technical details click here
