CVE-2016-0752

Advisory lineage Upstream: 0 Downstream: 14
Analyzed
Published: 16 Feb 2016, 02:00
Last modified:21 Oct 2025, 23:55

Vulnerability Summary

Overall Risk (default)
high
58/100
CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
90.49% CRITICAL
90% probability -2.21%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
3 found
Dark Web
Not detected

Timeline

16 Feb 2016, 02:00
Published
Vulnerability first disclosed
25 Mar 2022, 00:00
Added to CISA KEV
Ruby on Rails Directory Traversal Vulnerability
15 Apr 2022, 00:00
CISA Remediation Due
Apply updates per vendor instructions.
21 Oct 2025, 23:55
Last Modified
Vulnerability information updated

Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 90.49% Percentile: 100%

Techniques & Countermeasures

  • CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Affected Systems

  • debiandebian_linux

    8.0

  • opensuseleap

    42.1

  • opensuseopensuse

    13.2

  • redhatsoftware_collections

    1.0

  • rubyonrailsrails

    < 3.2.22.1 | ≥ 4.0.0, < 4.1.14.1 | ≥ 4.2.0, < 4.2.5.1 | 5.0.0:beta1

  • suselinux_enterprise_module_for_containers

    12

References (13)