CVE-2019-5418 is a file content exposure vulnerability discovered in the Action View component of Ruby on Rails in March 2019. This vulnerability affects Action View versions prior to 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1, and all versions in the v3 series.
| Product | Ruby on Rails, Ruby-on-Rails |
| Date | 2025-07-09 07:36:20 |
| Information |
|
Technical Summary
Details: The vulnerability exploits a path traversal flaw in the Action View rendering process, specifically in the find_file method within template_renderer.rb. When the render method processes views outside the application scope, it uses the find_templates method from PathResolver to resolve the path. This method accepts a pattern to resolve in order to locate the path; the vulnerability stems from the ability to manipulate and inject a payload used to construct this pattern in the build_query method: For example, pattern: template.:variants and the variants variable as [‘mobile’, ‘tablet’, ‘desktop’] will produce: template.{mobile,tablet,desktop} The variants variable can be manipulated via the Accept header: Accept: ../../../../../../../../../etc/passwd{{
Unauthenticated attack: No prior authentication is required.
This design weakness in the template resolution mechanism allows attackers to read sensitive system files by manipulating Accept headers to trigger the vulnerable code path, effectively bypassing application-level file access controls through the template rendering system.
Recommendations
- Apply the patch immediately: Update to version 5.2.2.1 or higher.
- Web Application Firewall (WAF): Implement WAF rules to filter malicious Accept headers.
- Apply permissions: Limit file system permissions to reduce the exposure of sensitive files.
[Callforaction-THREAT-Footer]
