theinfosecnews

CVE-2019-5418

CISA KEV

Published July 7, 2025 · Updated April 3, 2026

high
Official Description

Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted Accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.

Affected Products

| Vendor | Product |
| --- | --- |
| Rails | Ruby on Rails |

Patch Status

Patch by 2025-07-28

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2019-5418.
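
One way to carry out the log review in step 5, as an added example that is not code from this page or from the Rails project: it flags logged requests whose Accept header contains path traversal sequences or is not a list of well-formed media types. The log layout (Accept header as the last quoted field), the helper names and the sample lines are constructed assumptions.

```ruby
# Added example: flag requests whose Accept header looks like a file path
# rather than a list of media types, the pattern described for CVE-2019-5418.
# Assumption: the access log records the Accept header as its last quoted field.

# Practical subset of the HTTP token grammar; quoted parameter values are
# not handled and would be reported as :malformed.
TOKEN = /[\w.+*-]+/
# One media range: type/subtype followed by optional ;name=value parameters.
MEDIA_RANGE = %r{\A#{TOKEN}/#{TOKEN}(?:\s*;\s*#{TOKEN}=#{TOKEN})*\z}
# ".." followed by a slash or backslash, raw or percent-encoded.
TRAVERSAL = %r{\.\.(?:/|\\|%2f|%5c)}i

# Returns the reasons (possibly none) an Accept header value is suspicious.
def accept_findings(accept)
  reasons = []
  reasons << :traversal if accept.match?(TRAVERSAL)
  ranges = accept.split(",").map(&:strip)
  reasons << :malformed if ranges.empty? || ranges.any? { |r| !r.match?(MEDIA_RANGE) }
  reasons
end

# Returns one hash per suspicious log line: line number, header value, reasons.
def scan_log(lines)
  lines.each_with_index.filter_map do |line, i|
    accept = line.scan(/"([^"]*)"/).last&.first
    next if accept.nil? || accept.empty? || accept == "-" # header absent
    reasons = accept_findings(accept)
    { line: i + 1, accept: accept, reasons: reasons } unless reasons.empty?
  end
end

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
  '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /reports HTTP/1.1" 200 512 "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8"',
  '203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /reports HTTP/1.1" 200 1833 "../../../../constructed/secret.txt"',
  '203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "GET /reports HTTP/1.1" 200 1833 "/constructed/secret.txt"',
  '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /health HTTP/1.1" 200 2 "-"'
].freeze

if __FILE__ == $PROGRAM_NAME
  scan_log(SAMPLE_LOG).each do |hit|
    puts "line #{hit[:line]}: #{hit[:reasons].join(',')} Accept=#{hit[:accept].inspect}"
  end
end
```

The common default "combined" access-log formats do not record the Accept header, so this review depends on the header having been logged at the proxy or application layer.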