CVE-2019-5418

Published: 27 March 2019

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
rails
Launchpad, Ubuntu, Debian
bionic Needed
cosmic Ignored (reached end-of-life)
disco Ignored (reached end-of-life)
eoan Not vulnerable (2:5.2.2.1+dfsg-1ubuntu1)
focal Not vulnerable (2:5.2.2.1+dfsg-1ubuntu1)
groovy Not vulnerable (2:5.2.2.1+dfsg-1ubuntu1)
hirsute Not vulnerable (2:5.2.2.1+dfsg-1ubuntu1)
impish Not vulnerable (2:5.2.2.1+dfsg-1ubuntu1)
jammy Not vulnerable (2:5.2.2.1+dfsg-1ubuntu1)
precise Does not exist
trusty Does not exist (trusty was not-affected [contains no code])
upstream Released (2:4.1.8-1+deb8u5, 2:4.2.7.1-1+deb9u1, 2:5.2.2.1+dfsg-1)
xenial Ignored (end of standard support, was needed)

rails-4.0
Launchpad, Ubuntu, Debian
bionic Does not exist
cosmic Does not exist
disco Does not exist
eoan Does not exist
focal Does not exist
groovy Does not exist
hirsute Does not exist
impish Does not exist
jammy Does not exist
precise Does not exist
trusty Does not exist (trusty was needs-triage)
upstream Needs triage
xenial Does not exist

ruby-actionpack-3.2
Launchpad, Ubuntu, Debian
bionic Does not exist
cosmic Does not exist
disco Does not exist
eoan Does not exist
focal Does not exist
groovy Does not exist
hirsute Does not exist
impish Does not exist
jammy Does not exist
precise Does not exist
trusty Does not exist (trusty was needs-triage)
upstream Needs triage
xenial Does not exist

ruby-activemodel-3.2
Launchpad, Ubuntu, Debian
bionic Does not exist
cosmic Does not exist
disco Does not exist
eoan Does not exist
focal Does not exist
groovy Does not exist
hirsute Does not exist
impish Does not exist
jammy Does not exist
precise Does not exist
trusty Does not exist (trusty was needs-triage)
upstream Needs triage
xenial Does not exist

ruby-activerecord-3.2
Launchpad, Ubuntu, Debian
bionic Does not exist
cosmic Does not exist
disco Does not exist
eoan Does not exist
focal Does not exist
groovy Does not exist
hirsute Does not exist
impish Does not exist
jammy Does not exist
precise Does not exist
trusty Does not exist (trusty was needs-triage)
upstream Needs triage
xenial Does not exist

ruby-activesupport-3.2
Launchpad, Ubuntu, Debian
bionic Does not exist
cosmic Does not exist
disco Does not exist
eoan Does not exist
focal Does not exist
groovy Does not exist
hirsute Does not exist
impish Does not exist
jammy Does not exist
precise Does not exist
trusty Does not exist (trusty was needs-triage)
upstream Needs triage
xenial Does not exist

ruby-rails-3.2
Launchpad, Ubuntu, Debian
bionic Does not exist
cosmic Does not exist
disco Does not exist
eoan Does not exist
focal Does not exist
groovy Does not exist
hirsute Does not exist
impish Does not exist
jammy Does not exist
precise Does not exist
trusty Does not exist (trusty was needs-triage)
upstream Needs triage
xenial Does not exist

Notes

Author: seth-arnold
Note: In Oneiric-Saucy, rails package is just for transition;
The rails package contains actual code from vivid onward

References

Bugs