[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-0752":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":82,"duplicate_of":9,"upstream":83,"downstream":84,"duplicates":113,"related":114,"reserved_at":9,"published_at":122,"modified_at":123,"state":124,"summary":125,"references_raw":134,"kevs":204,"epss":215,"epss_history":218,"metrics":411,"affected":423},"CVE-2016-0752","Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41,50,64],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_21AA07B7DBD2BE17","Exploit Reference (openwall.com)","reference","http://www.openwall.com/lists/oss-security/2016/01/25/13","unknown",0.2,false,[],{"_key":51,"name":52,"source":53,"url":54,"maturity":55,"reliability_score":56,"verified":57,"type":58,"platforms":59,"requires_auth":9,"exploitdb":61,"metasploit":9},"40561","Ruby on Rails - Dynamic Render File Upload / Remote Code Execution (Metasploit)","exploit-database","https://www.exploit-db.com/exploits/40561","weaponized",0.8,true,"remote",[60],"multiple",{"verified":57,"type":58,"platform":60,"file":62,"codes":63},"exploits/multiple/remote/40561.rb",[7],{"_key":65,"name":66,"source":67,"url":68,"maturity":55,"reliability_score":69,"verified":57,"type":58,"platforms":70,"requires_auth":48,"exploitdb":9,"metasploit":71},"MSF_EXPLOIT_MULTI_HTTP_RAILS_DYNAMIC_RENDER_CODE_EXEC","Ruby on Rails Dynamic Render File Upload Remote Code Execution","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/multi/http/rails_dynamic_render_code_exec.rb",1,[],{"fullname":72,"rank":73,"rank_name":74,"post_auth":48,"check":57,"notes":75},"exploit/multi/http/rails_dynamic_render_code_exec",600,"excellent",{"Stability":76,"SideEffects":78,"Reliability":80},[77],"unknown-stability",[79],"unknown-side-effects",[81],"unknown-reliability",[],[],[85,87,89,91,93,95,97,99,101,103,105,107,109,111],{"_key":86},"UBUNTU-CVE-2016-0752",{"_key":88},"SUSE-SU-2016:0456-1",{"_key":90},"SUSE-SU-2016:0457-1",{"_key":92},"SUSE-SU-2016:0599-1",{"_key":94},"SUSE-SU-2016:0618-1",{"_key":96},"SUSE-SU-2016:0858-1",{"_key":98},"SUSE-SU-2016:1146-1",{"_key":100},"SUSE-SU-2017:0475-1",{"_key":102},"RHSA-2016:0296",{"_key":104},"RHSA-2016:0454",{"_key":106},"RHSA-2016:0455",{"_key":108},"DLA-604-1",{"_key":110},"DSA-3464-1",{"_key":112},"DEBIAN-CVE-2016-0752",[],[115,116,117,118,119,120,121],{"_key":88},{"_key":90},{"_key":92},{"_key":94},{"_key":96},{"_key":98},{"_key":100},"2016-02-16T02:00:00.000Z","2025-10-21T23:55:55.440Z","Analyzed",{"cisa_kev":57,"cisa_ransomware":48,"cisa_vendor":126,"epss_severity":127,"epss_score":128,"severity":129,"severity_score":130,"severity_version":131,"severity_source":132,"severity_vector":133,"severity_status":124},"Rails","critical",0.90494,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[135,144,151,155,159,165,169,175,180,184,188,193,198],{"url":136,"sources":137,"tags":139},"https://www.exploit-db.com/exploits/40561/",[132,138],"nvd",[140,141,142,143],"Exploit","X Refsource EXPLOIT DB","Third Party Advisory","VDB Entry",{"url":145,"sources":146,"tags":147},"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html",[132,138],[148,149,150,142],"Vendor Advisory","X Refsource SUSE","Mailing List",{"url":152,"sources":153,"tags":154},"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html",[132,138],[148,149,150,142],{"url":45,"sources":156,"tags":157},[132,138],[150,158,140],"X Refsource MLIST",{"url":160,"sources":161,"tags":162},"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html",[132,138],[148,163,164],"X Refsource FEDORA","Permissions Required",{"url":166,"sources":167,"tags":168},"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html",[132,138],[148,149,150,142],{"url":170,"sources":171,"tags":172},"http://www.securityfocus.com/bid/81801",[132,138],[143,173,174,142],"X Refsource BID","Broken Link",{"url":176,"sources":177,"tags":178},"http://www.securitytracker.com/id/1034816",[132,138],[143,179,174,142],"X Refsource SECTRACK",{"url":181,"sources":182,"tags":183},"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html",[132,138],[148,163,164],{"url":185,"sources":186,"tags":187},"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ",[132,138],[150,158,174],{"url":189,"sources":190,"tags":191},"http://www.debian.org/security/2016/dsa-3464",[132,138],[148,192,150,142],"X Refsource DEBIAN",{"url":194,"sources":195,"tags":196},"http://rhn.redhat.com/errata/RHSA-2016-0296.html",[132,138],[148,197,142],"X Refsource REDHAT",{"url":199,"sources":200,"tags":201},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752",[132,138],[202,203],"Government Resource","US Government Resource",[205],{"source":206,"vendor":126,"product":207,"date_added":208,"vulnerability_name":209,"short_description":210,"required_action":211,"due_date":212,"known_ransomware_campaign_use":213,"notes":214,"exploitation_type":9},"cisa","Ruby on Rails","2022-03-25","Ruby on Rails Directory Traversal Vulnerability","Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.","Apply updates per vendor instructions.","2022-04-15","Unknown","https://nvd.nist.gov/vuln/detail/CVE-2016-0752",{"date":216,"score":128,"percentile":217},"2026-06-04",0.99627,[219,223,225,227,230,233,235,237,239,241,243,245,247,249,251,254,256,258,260,262,264,266,268,270,272,274,276,278,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,313,315,317,319,321,323,325,327,329,331,333,335,337,340,342,344,347,349,351,353,355,357,359,361,363,365,367,369,371,373,375,377,379,381,383,385,387,389,391,393,395,397,399,401,403,405,408],{"date":220,"score":221,"percentile":222},"2025-11-04",0.92705,0.99739,{"date":224,"score":221,"percentile":222},"2025-11-05",{"date":226,"score":221,"percentile":222},"2025-11-06",{"date":228,"score":221,"percentile":229},"2025-11-07",0.99737,{"date":231,"score":221,"percentile":232},"2025-11-08",0.99738,{"date":234,"score":221,"percentile":229},"2025-11-09",{"date":236,"score":221,"percentile":232},"2025-11-10",{"date":238,"score":221,"percentile":229},"2025-11-11",{"date":240,"score":221,"percentile":229},"2025-11-12",{"date":242,"score":221,"percentile":232},"2025-11-13",{"date":244,"score":221,"percentile":229},"2025-11-14",{"date":246,"score":221,"percentile":232},"2025-11-15",{"date":248,"score":221,"percentile":229},"2025-11-16",{"date":250,"score":221,"percentile":222},"2025-11-17",{"date":252,"score":221,"percentile":253},"2025-11-18",0.99813,{"date":255,"score":221,"percentile":253},"2025-11-19",{"date":257,"score":221,"percentile":253},"2025-11-20",{"date":259,"score":221,"percentile":229},"2025-11-21",{"date":261,"score":221,"percentile":229},"2025-11-22",{"date":263,"score":221,"percentile":229},"2025-11-23",{"date":265,"score":221,"percentile":229},"2025-11-24",{"date":267,"score":221,"percentile":232},"2025-11-25",{"date":269,"score":221,"percentile":232},"2025-11-26",{"date":271,"score":221,"percentile":232},"2025-11-27",{"date":273,"score":221,"percentile":229},"2025-11-28",{"date":275,"score":221,"percentile":232},"2025-11-29",{"date":277,"score":221,"percentile":232},"2025-11-30",{"date":279,"score":280,"percentile":281},"2025-12-01",0.92461,0.99723,{"date":283,"score":280,"percentile":281},"2025-12-02",{"date":285,"score":280,"percentile":281},"2025-12-03",{"date":287,"score":221,"percentile":229},"2025-12-04",{"date":289,"score":221,"percentile":229},"2025-12-05",{"date":291,"score":221,"percentile":232},"2025-12-06",{"date":293,"score":221,"percentile":222},"2025-12-07",{"date":295,"score":221,"percentile":222},"2025-12-08",{"date":297,"score":221,"percentile":232},"2025-12-09",{"date":299,"score":221,"percentile":222},"2025-12-10",{"date":301,"score":221,"percentile":232},"2025-12-11",{"date":303,"score":221,"percentile":222},"2025-12-12",{"date":305,"score":221,"percentile":232},"2025-12-13",{"date":307,"score":221,"percentile":232},"2025-12-14",{"date":309,"score":221,"percentile":232},"2025-12-15",{"date":311,"score":221,"percentile":312},"2025-12-16",0.9974,{"date":314,"score":221,"percentile":312},"2025-12-17",{"date":316,"score":221,"percentile":222},"2025-12-18",{"date":318,"score":221,"percentile":222},"2025-12-19",{"date":320,"score":221,"percentile":222},"2025-12-20",{"date":322,"score":221,"percentile":222},"2025-12-21",{"date":324,"score":221,"percentile":312},"2025-12-22",{"date":326,"score":221,"percentile":222},"2025-12-23",{"date":328,"score":221,"percentile":222},"2025-12-24",{"date":330,"score":221,"percentile":232},"2025-12-25",{"date":332,"score":221,"percentile":232},"2025-12-26",{"date":334,"score":221,"percentile":232},"2025-12-27",{"date":336,"score":221,"percentile":229},"2025-12-28",{"date":338,"score":221,"percentile":339},"2025-12-29",0.99736,{"date":341,"score":221,"percentile":229},"2025-12-30",{"date":343,"score":221,"percentile":229},"2025-12-31",{"date":345,"score":280,"percentile":346},"2026-01-01",0.99724,{"date":348,"score":280,"percentile":346},"2026-01-02",{"date":350,"score":280,"percentile":346},"2026-01-03",{"date":352,"score":221,"percentile":339},"2026-01-04",{"date":354,"score":221,"percentile":339},"2026-01-05",{"date":356,"score":221,"percentile":229},"2026-01-06",{"date":358,"score":221,"percentile":229},"2026-01-07",{"date":360,"score":221,"percentile":229},"2026-01-08",{"date":362,"score":221,"percentile":229},"2026-01-09",{"date":364,"score":221,"percentile":229},"2026-01-10",{"date":366,"score":221,"percentile":339},"2026-01-11",{"date":368,"score":221,"percentile":339},"2026-01-12",{"date":370,"score":221,"percentile":339},"2026-01-13",{"date":372,"score":221,"percentile":229},"2026-01-14",{"date":374,"score":221,"percentile":232},"2026-01-15",{"date":376,"score":221,"percentile":232},"2026-01-16",{"date":378,"score":221,"percentile":222},"2026-01-17",{"date":380,"score":221,"percentile":229},"2026-01-18",{"date":382,"score":221,"percentile":232},"2026-01-19",{"date":384,"score":221,"percentile":229},"2026-01-20",{"date":386,"score":221,"percentile":232},"2026-01-21",{"date":388,"score":221,"percentile":232},"2026-01-22",{"date":390,"score":221,"percentile":232},"2026-01-23",{"date":392,"score":221,"percentile":222},"2026-01-24",{"date":394,"score":221,"percentile":222},"2026-01-25",{"date":396,"score":221,"percentile":232},"2026-01-26",{"date":398,"score":221,"percentile":222},"2026-01-27",{"date":400,"score":221,"percentile":222},"2026-01-28",{"date":402,"score":221,"percentile":222},"2026-01-29",{"date":404,"score":221,"percentile":312},"2026-01-30",{"date":406,"score":221,"percentile":407},"2026-01-31",0.99741,{"date":409,"score":280,"percentile":410},"2026-02-01",0.99728,[412,417],{"source":132,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":413,"cvss_v4_0":9},{"baseScore":130,"baseSeverity":414,"vectorString":133,"impactScore":415,"exploitabilityScore":416},"HIGH",6,10,{"source":138,"cvss_v2_0":418,"cvss_v3_0":9,"cvss_v3_1":422,"cvss_v4_0":9},{"baseScore":419,"baseSeverity":9,"vectorString":420,"impactScore":421,"exploitabilityScore":416},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,{"baseScore":130,"baseSeverity":414,"vectorString":133,"impactScore":415,"exploitabilityScore":416},[424,433,439,443,451,470],{"ecosystem":9,"name":425,"vendor":426,"product":427,"cpe_part":428,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":429},"debian linux","debian","debian_linux","o",[430],{"version":431,"is_range":48,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":434,"vendor":435,"product":434,"cpe_part":428,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":436},"leap","opensuse",[437],{"version":438,"is_range":48,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.1",{"ecosystem":9,"name":435,"vendor":435,"product":435,"cpe_part":428,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":440},[441],{"version":442,"is_range":48,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"13.2",{"ecosystem":9,"name":444,"vendor":445,"product":446,"cpe_part":447,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":448},"software collections","redhat","software_collections","a",[449],{"version":450,"is_range":48,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0",{"ecosystem":9,"name":452,"vendor":453,"product":452,"cpe_part":447,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":454},"rails","rubyonrails",[455,459,464,468],{"version":456,"is_range":57,"range_type":432,"version_start":9,"version_start_type":9,"version_end":457,"version_end_type":458,"fixed_in":9},"lt3.2.22.1","3.2.22.1","excluding",{"version":460,"is_range":57,"range_type":432,"version_start":461,"version_start_type":462,"version_end":463,"version_end_type":458,"fixed_in":9},"gte4.0.0_lt4.1.14.1","4.0.0","including","4.1.14.1",{"version":465,"is_range":57,"range_type":432,"version_start":466,"version_start_type":462,"version_end":467,"version_end_type":458,"fixed_in":9},"gte4.2.0_lt4.2.5.1","4.2.0","4.2.5.1",{"version":469,"is_range":48,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.0.0:beta1",{"ecosystem":9,"name":471,"vendor":472,"product":473,"cpe_part":428,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"linux enterprise module for containers","suse","linux_enterprise_module_for_containers",[475],{"version":476,"is_range":48,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12"]