[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-5418":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":47,"aliases":89,"duplicate_of":9,"upstream":90,"downstream":91,"duplicates":148,"related":149,"reserved_at":9,"published_at":170,"modified_at":171,"state":172,"summary":173,"references_raw":182,"kevs":257,"epss":268,"epss_history":271,"metrics":463,"affected":475},"CVE-2019-5418","There is a File Content Disclosure vulnerability in Action View \u003C5.2.2.1, \u003C5.1.6.2, \u003C5.0.7.2, \u003C4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.",null,[11,18],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],{"_key":19,"id":19,"name":20,"description":21,"type":22,"status":23,"abstraction":24,"likelihood_of_exploit":25,"capec":26},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[27,31,35,39,43],{"id":28,"name":29,"techniques":30},"CAPEC-126","Path Traversal",[],{"id":32,"name":33,"techniques":34},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":36,"name":37,"techniques":38},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":40,"name":41,"techniques":42},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":44,"name":45,"techniques":46},"CAPEC-79","Using Slashes in Alternate Encoding",[],[48,57,70],{"_key":49,"name":50,"source":51,"url":52,"maturity":53,"reliability_score":54,"verified":55,"type":9,"platforms":56,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_A30C74637B82C6D5","Exploit Reference (packetstormsecurity.com)","reference","http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html","unknown",0.2,false,[],{"_key":58,"name":59,"source":60,"url":61,"maturity":62,"reliability_score":63,"verified":55,"type":9,"platforms":64,"requires_auth":9,"exploitdb":66,"metasploit":9},"46585","Rails 5.2.1 - Arbitrary File Content Disclosure","exploit-database","https://www.exploit-db.com/exploits/46585","poc",0.5,[65],"multiple",{"verified":55,"type":67,"platform":65,"file":68,"codes":69},"webapps","exploits/multiple/webapps/46585.py",[7],{"_key":71,"name":72,"source":73,"url":74,"maturity":62,"reliability_score":63,"verified":55,"type":75,"platforms":76,"requires_auth":55,"exploitdb":9,"metasploit":77},"MSF_AUXILIARY_GATHER_RAILS_DOUBLETAP_FILE_READ","Ruby On Rails File Content Disclosure ('doubletap')","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/rails_doubletap_file_read.rb","remote",[],{"fullname":78,"rank":79,"rank_name":80,"post_auth":55,"check":81,"notes":82},"auxiliary/gather/rails_doubletap_file_read",300,"normal",true,{"Stability":83,"SideEffects":85,"Reliability":87},[84],"unknown-stability",[86],"unknown-side-effects",[88],"unknown-reliability",[],[],[92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146],{"_key":93},"RHSA-2019:0796",{"_key":95},"RHSA-2019:1147",{"_key":97},"RHSA-2019:1149",{"_key":99},"RHSA-2019:1289",{"_key":101},"SUSE-SU-2019:0915-1",{"_key":103},"SUSE-SU-2020:3036-1",{"_key":105},"SUSE-SU-2020:3147-1",{"_key":107},"SUSE-SU-2020:3160-1",{"_key":109},"UBUNTU-CVE-2019-5418",{"_key":111},"OPENSUSE-SU-2019:1344-1",{"_key":113},"OPENSUSE-SU-2020:1993-1",{"_key":115},"OPENSUSE-SU-2020:2000-1",{"_key":117},"OPENSUSE-SU-2024:11818-1",{"_key":119},"OPENSUSE-SU-2024:11819-1",{"_key":121},"OPENSUSE-SU-2024:11820-1",{"_key":123},"OPENSUSE-SU-2024:11821-1",{"_key":125},"OPENSUSE-SU-2024:11822-1",{"_key":127},"OPENSUSE-SU-2024:11823-1",{"_key":129},"OPENSUSE-SU-2024:11824-1",{"_key":131},"OPENSUSE-SU-2024:11825-1",{"_key":133},"OPENSUSE-SU-2024:11826-1",{"_key":135},"OPENSUSE-SU-2024:11827-1",{"_key":137},"OPENSUSE-SU-2024:11828-1",{"_key":139},"OPENSUSE-SU-2024:11831-1",{"_key":141},"OPENSUSE-SU-2024:11832-1",{"_key":143},"DLA-1739-1",{"_key":145},"DEBIAN-CVE-2019-5418",{"_key":147},"USN-7646-1",[],[150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169],{"_key":101},{"_key":103},{"_key":105},{"_key":107},{"_key":111},{"_key":113},{"_key":115},{"_key":117},{"_key":119},{"_key":121},{"_key":123},{"_key":125},{"_key":127},{"_key":129},{"_key":131},{"_key":133},{"_key":135},{"_key":137},{"_key":139},{"_key":141},"2019-03-27T13:38:58.000Z","2025-10-21T23:45:41.038Z","Analyzed",{"cisa_kev":81,"cisa_ransomware":55,"cisa_vendor":174,"epss_severity":175,"epss_score":176,"severity":177,"severity_score":178,"severity_version":179,"severity_source":180,"severity_vector":181,"severity_status":172},"Rails","critical",0.94318,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[183,192,196,204,211,216,220,225,230,235,239,243,247,251],{"url":184,"sources":185,"tags":187},"https://www.exploit-db.com/exploits/46585/",[180,186],"nvd",[188,189,190,191],"Exploit","X Refsource EXPLOIT DB","Third Party Advisory","VDB Entry",{"url":52,"sources":193,"tags":194},[180,186],[195,188,190,191],"X Refsource MISC",{"url":197,"sources":198,"tags":199},"http://www.openwall.com/lists/oss-security/2019/03/22/1",[180,186],[200,201,202,203,190],"Mailing List","X Refsource MLIST","Mitigation","Patch",{"url":205,"sources":206,"tags":207},"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",[180,186],[208,209,203,210],"X Refsource CONFIRM","Broken Link","Vendor Advisory",{"url":212,"sources":213,"tags":214},"https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q",[180,186],[208,215],"Permissions Required",{"url":217,"sources":218,"tags":219},"https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html",[180,186],[200,201,190],{"url":221,"sources":222,"tags":223},"https://access.redhat.com/errata/RHSA-2019:0796",[180,186],[210,224,190],"X Refsource REDHAT",{"url":226,"sources":227,"tags":228},"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html",[180,186],[210,229,200,190],"X Refsource SUSE",{"url":231,"sources":232,"tags":233},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/",[180,186],[210,234,190],"X Refsource FEDORA",{"url":236,"sources":237,"tags":238},"https://access.redhat.com/errata/RHSA-2019:1149",[180,186],[210,224,190],{"url":240,"sources":241,"tags":242},"https://access.redhat.com/errata/RHSA-2019:1147",[180,186],[210,224,190],{"url":244,"sources":245,"tags":246},"https://access.redhat.com/errata/RHSA-2019:1289",[180,186],[210,224,190],{"url":248,"sources":249,"tags":250},"https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",[180,186],[203,210],{"url":252,"sources":253,"tags":254},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418",[180,186],[255,256],"Government Resource","US Government Resource",[258],{"source":259,"vendor":174,"product":260,"date_added":261,"vulnerability_name":262,"short_description":263,"required_action":264,"due_date":265,"known_ransomware_campaign_use":266,"notes":267,"exploitation_type":9},"cisa","Ruby on Rails","2025-07-07","Rails Ruby on Rails Path Traversal Vulnerability","Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2025-07-28","Unknown","https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-5418",{"date":269,"score":176,"percentile":270},"2026-06-04",0.99952,[272,276,278,280,283,285,287,289,291,293,296,298,300,302,304,308,310,312,314,316,318,320,322,324,326,328,330,332,335,337,339,341,343,345,347,349,351,354,356,358,360,362,364,366,368,370,372,375,377,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,454,456,458,460],{"date":273,"score":274,"percentile":275},"2025-11-04",0.9434,0.99949,{"date":277,"score":274,"percentile":275},"2025-11-05",{"date":279,"score":274,"percentile":275},"2025-11-06",{"date":281,"score":274,"percentile":282},"2025-11-07",0.99948,{"date":284,"score":274,"percentile":282},"2025-11-08",{"date":286,"score":274,"percentile":282},"2025-11-09",{"date":288,"score":274,"percentile":282},"2025-11-10",{"date":290,"score":274,"percentile":282},"2025-11-11",{"date":292,"score":274,"percentile":282},"2025-11-12",{"date":294,"score":274,"percentile":295},"2025-11-13",0.99947,{"date":297,"score":274,"percentile":282},"2025-11-14",{"date":299,"score":274,"percentile":275},"2025-11-15",{"date":301,"score":274,"percentile":282},"2025-11-16",{"date":303,"score":274,"percentile":282},"2025-11-17",{"date":305,"score":306,"percentile":307},"2025-11-18",0.93605,0.99888,{"date":309,"score":306,"percentile":307},"2025-11-19",{"date":311,"score":306,"percentile":307},"2025-11-20",{"date":313,"score":274,"percentile":282},"2025-11-21",{"date":315,"score":274,"percentile":282},"2025-11-22",{"date":317,"score":274,"percentile":282},"2025-11-23",{"date":319,"score":274,"percentile":282},"2025-11-24",{"date":321,"score":274,"percentile":282},"2025-11-25",{"date":323,"score":274,"percentile":275},"2025-11-26",{"date":325,"score":274,"percentile":275},"2025-11-27",{"date":327,"score":274,"percentile":275},"2025-11-28",{"date":329,"score":274,"percentile":275},"2025-11-29",{"date":331,"score":274,"percentile":275},"2025-11-30",{"date":333,"score":334,"percentile":275},"2025-12-01",0.94331,{"date":336,"score":334,"percentile":275},"2025-12-02",{"date":338,"score":334,"percentile":275},"2025-12-03",{"date":340,"score":274,"percentile":275},"2025-12-04",{"date":342,"score":274,"percentile":275},"2025-12-05",{"date":344,"score":274,"percentile":275},"2025-12-06",{"date":346,"score":274,"percentile":275},"2025-12-07",{"date":348,"score":274,"percentile":275},"2025-12-08",{"date":350,"score":274,"percentile":275},"2025-12-09",{"date":352,"score":274,"percentile":353},"2025-12-10",0.9995,{"date":355,"score":274,"percentile":353},"2025-12-11",{"date":357,"score":274,"percentile":353},"2025-12-12",{"date":359,"score":274,"percentile":353},"2025-12-13",{"date":361,"score":274,"percentile":353},"2025-12-14",{"date":363,"score":274,"percentile":353},"2025-12-15",{"date":365,"score":274,"percentile":353},"2025-12-16",{"date":367,"score":274,"percentile":353},"2025-12-17",{"date":369,"score":274,"percentile":275},"2025-12-18",{"date":371,"score":274,"percentile":353},"2025-12-19",{"date":373,"score":274,"percentile":374},"2025-12-20",0.99951,{"date":376,"score":274,"percentile":374},"2025-12-21",{"date":378,"score":274,"percentile":374},"2025-12-22",{"date":380,"score":274,"percentile":374},"2025-12-23",{"date":382,"score":274,"percentile":353},"2025-12-24",{"date":384,"score":274,"percentile":374},"2025-12-25",{"date":386,"score":274,"percentile":353},"2025-12-26",{"date":388,"score":274,"percentile":374},"2025-12-27",{"date":390,"score":274,"percentile":374},"2025-12-28",{"date":392,"score":274,"percentile":374},"2025-12-29",{"date":394,"score":274,"percentile":374},"2025-12-30",{"date":396,"score":274,"percentile":374},"2025-12-31",{"date":398,"score":334,"percentile":374},"2026-01-01",{"date":400,"score":334,"percentile":374},"2026-01-02",{"date":402,"score":334,"percentile":374},"2026-01-03",{"date":404,"score":274,"percentile":374},"2026-01-04",{"date":406,"score":274,"percentile":374},"2026-01-05",{"date":408,"score":274,"percentile":374},"2026-01-06",{"date":410,"score":274,"percentile":374},"2026-01-07",{"date":412,"score":274,"percentile":374},"2026-01-08",{"date":414,"score":274,"percentile":374},"2026-01-09",{"date":416,"score":417,"percentile":374},"2026-01-10",0.94336,{"date":419,"score":417,"percentile":374},"2026-01-11",{"date":421,"score":417,"percentile":374},"2026-01-12",{"date":423,"score":417,"percentile":374},"2026-01-13",{"date":425,"score":417,"percentile":374},"2026-01-14",{"date":427,"score":417,"percentile":374},"2026-01-15",{"date":429,"score":417,"percentile":353},"2026-01-16",{"date":431,"score":417,"percentile":353},"2026-01-17",{"date":433,"score":417,"percentile":374},"2026-01-18",{"date":435,"score":417,"percentile":374},"2026-01-19",{"date":437,"score":417,"percentile":374},"2026-01-20",{"date":439,"score":417,"percentile":374},"2026-01-21",{"date":441,"score":417,"percentile":374},"2026-01-22",{"date":443,"score":417,"percentile":374},"2026-01-23",{"date":445,"score":417,"percentile":374},"2026-01-24",{"date":447,"score":417,"percentile":374},"2026-01-25",{"date":449,"score":417,"percentile":374},"2026-01-26",{"date":451,"score":417,"percentile":374},"2026-01-27",{"date":453,"score":417,"percentile":374},"2026-01-28",{"date":455,"score":417,"percentile":374},"2026-01-29",{"date":457,"score":417,"percentile":374},"2026-01-30",{"date":459,"score":417,"percentile":374},"2026-01-31",{"date":461,"score":462,"percentile":374},"2026-02-01",0.94327,[464,469],{"source":180,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":465,"cvss_v4_0":9},{"baseScore":178,"baseSeverity":466,"vectorString":181,"impactScore":467,"exploitabilityScore":468},"HIGH",6,10,{"source":186,"cvss_v2_0":470,"cvss_v3_0":9,"cvss_v3_1":474,"cvss_v4_0":9},{"baseScore":471,"baseSeverity":9,"vectorString":472,"impactScore":473,"exploitabilityScore":468},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,{"baseScore":178,"baseSeverity":466,"vectorString":181,"impactScore":467,"exploitabilityScore":468},[476,485,491,497,511,519,525],{"ecosystem":9,"name":477,"vendor":478,"product":479,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"debian linux","debian","debian_linux","o",[482],{"version":483,"is_range":55,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":486,"vendor":487,"product":486,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":488},"fedora","fedoraproject",[489],{"version":490,"is_range":55,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":492,"vendor":493,"product":492,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":494},"leap","opensuse",[495],{"version":496,"is_range":55,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"ecosystem":9,"name":498,"vendor":499,"product":498,"cpe_part":500,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":501},"https://github.com/rails/rails","rails","a",[502,505,507,509],{"version":503,"is_range":55,"range_type":180,"version_start":503,"version_start_type":504,"version_end":503,"version_end_type":504,"fixed_in":9},"5.2.2.1","including",{"version":506,"is_range":55,"range_type":180,"version_start":506,"version_start_type":504,"version_end":506,"version_end_type":504,"fixed_in":9},"5.1.6.2",{"version":508,"is_range":55,"range_type":180,"version_start":508,"version_start_type":504,"version_end":508,"version_end_type":504,"fixed_in":9},"5.0.7.2",{"version":510,"is_range":55,"range_type":180,"version_start":510,"version_start_type":504,"version_end":510,"version_end_type":504,"fixed_in":9},"4.2.11.1",{"ecosystem":9,"name":512,"vendor":513,"product":512,"cpe_part":500,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":514},"cloudforms","redhat",[515,517],{"version":516,"is_range":55,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.7",{"version":518,"is_range":55,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.6",{"ecosystem":9,"name":520,"vendor":513,"product":521,"cpe_part":500,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":522},"software collections","software_collections",[523],{"version":524,"is_range":55,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0",{"ecosystem":9,"name":499,"vendor":526,"product":499,"cpe_part":500,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":527},"rubyonrails",[528,532,535,538],{"version":529,"is_range":81,"range_type":484,"version_start":530,"version_start_type":504,"version_end":510,"version_end_type":531,"fixed_in":9},"gte3.0.0_lt4.2.11.1","3.0.0","excluding",{"version":533,"is_range":81,"range_type":484,"version_start":534,"version_start_type":504,"version_end":508,"version_end_type":531,"fixed_in":9},"gte5.0.0_lt5.0.7.2","5.0.0",{"version":536,"is_range":81,"range_type":484,"version_start":537,"version_start_type":504,"version_end":506,"version_end_type":531,"fixed_in":9},"gte5.1.0_lt5.1.6.2","5.1.0",{"version":539,"is_range":81,"range_type":484,"version_start":540,"version_start_type":504,"version_end":503,"version_end_type":531,"fixed_in":9},"gte5.2.0_lt5.2.2.1","5.2.0"]