Engine Yard Developer Center

File Content Disclosure on Rails

A possible file content disclosure vulnerability has been identified in Action View. The impact is limited to to calls to render which render file contents without a specified accept format. It is recommended that your review your application code for any risks and take appropriate actions to upgrade Rails or patch the issue.

For full details please see this security advisory and full analysis.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Please sign in to leave a comment.

Powered by Zendesk