We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2019-5418



Description

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Reserved 2019-01-04 | Published 2019-03-27 | Updated 2025-07-07 | Assigner hackerone

CISA Known Exploited Vulnerability

Date added 2025-07-07 | Due date 2025-07-28

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

Path Traversal (CWE-22)

Product status

5.2.2.1
affected

5.1.6.2
affected

5.0.7.2
affected

4.2.11.1
affected

References

www.exploit-db.com/exploits/46585/ (46585) exploit

packetstormsecurity.com/...rary-File-Content-Disclosure.html

www.openwall.com/lists/oss-security/2019/03/22/1 ([oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View) mailing-list

weblog.rubyonrails.org/...-2-5-1-5-1-6-2-have-been-released/

groups.google.com/forum/

lists.debian.org/debian-lts-announce/2019/03/msg00042.html ([debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update) mailing-list

access.redhat.com/errata/RHSA-2019:0796 (RHSA-2019:0796) vendor-advisory

lists.opensuse.org/...ecurity-announce/2019-05/msg00011.html (openSUSE-SU-2019:1344) vendor-advisory

lists.fedoraproject.org/...Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/ (FEDORA-2019-1cfe24db5c) vendor-advisory

access.redhat.com/errata/RHSA-2019:1149 (RHSA-2019:1149) vendor-advisory

access.redhat.com/errata/RHSA-2019:1147 (RHSA-2019:1147) vendor-advisory

access.redhat.com/errata/RHSA-2019:1289 (RHSA-2019:1289) vendor-advisory

cve.org (CVE-2019-5418)

nvd.nist.gov (CVE-2019-5418)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2019-5418

Support options

Helpdesk Chat, Email, Knowledgebase