Package impact
RubyGems / actionview
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-5418 | unknown | — | 2.5 | 7y ago | Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server… | |||
| CVE-2016-0752 | unknown | — | 2.5 | 11y ago | Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. | |||
| CVE-2020-8163 | unknown | — | 1.0 | 6y ago | The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. |