CVE-2016-2097: Path Traversal

April 7, 2016 (updated August 8, 2019)

Directory traversal vulnerability in Action View in Ruby on Rails before allows remote attackers to read arbitrary files by leveraging an application’s unrestricted use of the render method and providing a .. in a pathname.

References

weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
nvd.nist.gov/vuln/detail/CVE-2016-2097

Code Behaviors & Features

Detect and mitigate CVE-2016-2097 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →