CVE-2019-5418
high-risk
Published 2019-03-27
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Do I need to act?
!
94.3% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (7)
Affected Vendors
References (26)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0796
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1147
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1149
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1289
Permissions Required
https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0796
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1147
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1149
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1289
Permissions Required
https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q
and 6 more references
67
/ 100
high-risk
Severity
26/34 · High
Exploitability
27/34 · High
Exposure
14/34 · Moderate