CVE-2019-5418 — Rails Ruby on Rails Path Traversal Vulnerability
2025-07-07 • CISA Known Exploited Vulnerability
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted `Accept` headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Rails |
| Product | Ruby on Rails |
| CWE | CWE-22 |
| CVE ID | CVE-2019-5418 |
| Date Added | 2025-07-07 |
| Due Date | 2025-07-28 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due Date: 2025-07-28