Search for vulnerabilities
| Vulnerability ID | VCID-g9t2-g33e-87fe |
| Aliases |
GHSA-2pwf-xwr3-hp55
|
| Summary | Moderate severity vulnerability that affects actionview Withdrawn, accidental duplicate publish. Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-2pwf-xwr3-hp55 |
| generic_textual | MODERATE | https://github.com/advisories/GHSA-2pwf-xwr3-hp55 |
| generic_textual | MODERATE | https://nvd.nist.gov/vuln/detail/CVE-2016-2097 |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/advisories/GHSA-2pwf-xwr3-hp55 | ||
| CVE-2016-2097 | https://nvd.nist.gov/vuln/detail/CVE-2016-2097 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T13:03:49.413950+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-2pwf-xwr3-hp55/GHSA-2pwf-xwr3-hp55.json | 38.0.0 |