CVE-2016-0752 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-0752 REJECTED KEV

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

EPSS 91.05% · 99.6th percentile

Risk Scores

EPSS Score

91.05%

99.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	rails	0, 2:4.1.10-1, 2:4.2.5-1

Timeline

CVE Published
Mar 1, 2016 PoC Published
Mar 1, 2016 PoC Published
Oct 15, 2016 PoC Published
Feb 4, 2022 EPSS Score
Mar 25, 2022 CISA KEV Added
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-0752 third-party-advisory
https://marc.info/?l=oss-security&m=145375068928706&w=2 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-0752 third-party-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory

Open in Interactive Console →