suse · CVE-2016-0752

Quick triage

Priority: medium 公開: 2021-05-30 13:37:12 UTC Updated: 2024-07-22 01:07:24 UTC

参照: Official suse advisory, NVD, CVE.org · CVE 詳細

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-0752 severity moderate: SUSE including 17 source package names (libcontainment-insomnia-0.1.1-0.9.4.19, libjansson4-2.2.1-0.9.11.6, …), 33 product×package rows across 9 product lines (SUSE Enterprise Storage 2.1, SUSE Lifecycle Management Server 1.3, … (9 product lines)): Fixed 33.

Description:

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

cvelogic Threat Intelligence