CVE-2019-5418
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-5418
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Action View 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Action View中存在信息泄露漏洞。攻击者可利用该漏洞泄露文件内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rails | https://github.com/rails/rails | 5.2.2.1 | - |
II. Public POCs for CVE-2019-5418
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | CVE-2019-5418 - File Content Disclosure on Ruby on Rails | https://github.com/mpgn/CVE-2019-5418 | POC Details |
| 2 | File Content Disclosure on Rails Test Case - CVE-2019-5418 | https://github.com/omarkurt/CVE-2019-5418 | POC Details |
| 3 | A multi-threaded Golang scanner to identify Ruby endpoints vulnerable to CVE-2019-5418 | https://github.com/brompwnie/CVE-2019-5418-Scanner | POC Details |
| 4 | RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420) | https://github.com/mpgn/Rails-doubletap-RCE | POC Details |
| 5 | None | https://github.com/takeokunn/CVE-2019-5418 | POC Details |
| 6 | a demo for Ruby on Rails CVE-2019-5418 | https://github.com/Bad3r/RailroadBandit | POC Details |
| 7 | Rails 3 PoC of CVE-2019-5418 | https://github.com/ztgrace/CVE-2019-5418-Rails3 | POC Details |
| 8 | None | https://github.com/random-robbie/CVE-2019-5418 | POC Details |
| 9 | Ruby on Rails是一个 Web 应用程序框架,是一个相对较新的 Web 应用程序框架,构建在 Ruby 语言之上。这个漏洞主要是由于Ruby on Rails使用了指定参数的render file来渲染应用之外的视图,我们可以通过修改访问某控制器的请求包,通过“…/…/…/…/”来达到路径穿越的目的,然后再通过“{{”来进行模板查询路径的闭合,使得所要访问的文件被当做外部模板来解析。 | https://github.com/kailing0220/CVE-2019-5418 | POC Details |
| 10 | WHS 3기 장대혁 취약한(CVE) Docker 환경 구성 과제입니다. | https://github.com/daehyeok0618/CVE-2019-5418 | POC Details |
| 11 | Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-5418.yaml | POC Details |
| 12 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Ruby%20On%20Rails%20%E8%B7%AF%E5%BE%84%E7%A9%BF%E8%B6%8A%E4%B8%8E%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2019-5418.md | POC Details |
| 13 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Rails%20Accept%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2019-5418.md | POC Details |
| 14 | https://github.com/vulhub/vulhub/blob/master/rails/CVE-2019-5418/README.md | POC Details | |
| 15 | None | https://github.com/melardev/CVE-2019-5418 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-5418
请登录查看更多情报信息。
- https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Qx_refsource_CONFIRM
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.htmlvendor-advisoryx_refsource_SUSE
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/vendor-advisoryx_refsource_FEDORA
- https://nvd.nist.gov/vuln/detail/CVE-2019-5418
Same Patch Batch · Rails · 2019-03-27 · 3 CVEs total
| CVE-2019-5419 | Rails 资源管理错误漏洞 | |
| CVE-2019-5420 | Ruby on Rails 安全特征问题漏洞 |
IV. Related Vulnerabilities
Same vendor: Rails
- CVE-2026-33658
Rails Active Storage has a possible DoS vulnerability in pro - CVE-2026-33202
Rails Active Storage has possible glob injection in its Disk - CVE-2026-33195
Rails Active Storage has possible Path Traversal in DiskServ - CVE-2026-33176
Rails Active Support has a possible DoS vulnerability in its - CVE-2026-33174
Rails Active Storage has a possible DoS vulnerability when i
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2019-5418
No comments yet