File Content Disclosure on Rails

A possible file content disclosure vulnerability has been identified in Action View. The impact is limited to to calls to render which render file contents without a specified accept format. It is recommended that your review your application code for any risks and take appropriate actions to upgrade Rails or patch the issue.

For full details please see this security advisory and full analysis.


Please sign in to leave a comment.

Powered by Zendesk