🔴 CVE-2019-5418

CVE-2019-5418 is a file content disclosure vulnerability in Rails Action View that allows attackers to read arbitrary files from the server filesystem using specially crafted Accept headers. This affects web applications built with Rails, which are commonly deployed as internet-facing services.

Risk Level: HIGH_RISK
CVSS Score: 7.5
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: VERY_HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2019-03-27

Added to CISA KEV: 2025-07-07 (2294 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2019-5418 is a high-severity file content disclosure vulnerability affecting the Action View component of the Ruby on Rails framework [1] [6].

Attack Method and Requirements
  • Exploitation Mechanism: The vulnerability occurs when a controller calls `render file:` without specifying an accept format [2]. An attacker can exploit this by sending a specially crafted `Accept` header in an HTTP request, which causes the application to render an arbitrary file from the server's filesystem instead of the intended template [1] [5].
  • Requirements:
    * Network vs. Local: This is a remote, network-based attack; no local access is required [1].
    * User Interaction: No user interaction is required for successful exploitation.
    * Code Pattern: The application must contain controller code that renders a file without an explicit format (e.g., `render file: "#{Rails.root}/some/file"`) [2].
Impact and Access
Successful exploitation allows an attacker to read arbitrary files on the target server that the application process has permission to access [1]. This can lead to the exposure of:
  • Application configuration details and environment variables.
  • Sensitive system information (e.g., OS or framework versions).
  • User data, credentials, or API keys [4].
Exploitation in the Wild and Tooling
  • Active Exploitation: Following its disclosure in March 2019, the vulnerability was actively exploited in the wild, often used by attackers to scan for and extract sensitive configuration files (such as `database.yml` or `/etc/passwd`) from vulnerable Rails applications.
  • Proof-of-Concept: Public proof-of-concept (PoC) exploit scripts became widely available shortly after the vulnerability was announced, and it was integrated into automated security scanning tools like Nuclei [3].
  • Targeted Attacks: While it was used in broad, automated scanning campaigns, it was also leveraged in targeted attacks to gain initial access or gather reconnaissance data to facilitate further compromise.
Affected Versions and Mitigation
  • Affected Versions: Ruby on Rails Action View versions prior to the patched releases:
    * < 5.2.2.1
    * < 5.1.6.2
    * < 5.0.7.2
    * < 4.2.11.1
    * Version 3.x is also affected [1] [7].
  • Status: This is a well-known, legacy vulnerability. The primary mitigation is to upgrade to a non-vulnerable version of the Ruby on Rails framework [2].
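As an added example (not code from the page or from any cited source), two defender-side checks in plain Ruby for this advisory: a version test against the fixed Action View releases listed above, and a scan of controller source for `render file:` calls that lack an explicit `formats:` option, the explicit-format workaround the advisory describes. The sample controller text is constructed; `Rails.root` is only a string inside it, so no Rails installation is needed.

```ruby
require "rubygems"

# Fixed Action View releases per branch, as listed in the advisory text above.
FIXED_ACTIONVIEW = {
  "5.2" => "5.2.2.1",
  "5.1" => "5.1.6.2",
  "5.0" => "5.0.7.2",
  "4.2" => "4.2.11.1",
}.freeze

# True when the given Action View version string is still affected by CVE-2019-5418.
def actionview_vulnerable?(version)
  v     = Gem::Version.new(version)
  major = v.segments[0]
  fixed = FIXED_ACTIONVIEW[v.segments[0, 2].join(".")]
  return v < Gem::Version.new(fixed) if fixed
  return true if major < 5                            # 3.x, 4.0.x, 4.1.x: every release affected
  return v < Gem::Version.new("6.0.0") if major == 6  # assumption: treat all 6.0.0 pre-releases as affected
  false                                               # later majors are unaffected
end

# Scans Ruby source for `render file:` (or `render :file =>`) calls that do not pass
# an explicit formats: option on the same line. Returns [[line_no, line], ...].
def unsafe_render_file_calls(source)
  source.each_line.with_index(1).select do |line, _|
    line.match?(/\brender\b.*(?:\bfile:|:file\s*=>)/) && !line.match?(/\bformats:|:formats\s*=>/)
  end.map { |line, no| [no, line.strip] }
end

# Constructed controller source for demonstration (not from any real application).
SAMPLE_CONTROLLER = <<~'RUBY'
  class UserController < ApplicationController
    def index
      render file: "#{Rails.root}/some/file"                   # vulnerable pattern from the advisory
    end

    def show
      render file: "#{Rails.root}/some/file", formats: [:html] # format pinned: not exploitable
    end

    def manual
      render template: "users/manual"                          # template rendering is unaffected
    end
  end
RUBY

if __FILE__ == $0
  puts "Action View 5.2.2 vulnerable? #{actionview_vulnerable?('5.2.2')}"
  unsafe_render_file_calls(SAMPLE_CONTROLLER).each { |no, line| puts "line #{no}: #{line}" }
end
```

The scan is line-based, so a `render file:` call whose `formats:` option sits on a following line is reported and should be confirmed by hand.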

Sources

  1. NVD - CVE-2019-5418

    There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause ...

  2. Path Traversal in Action View · CVE-2019-5418 · GitHub Advisory

    The impact is limited to calls to render which render file contents without a specified accept format. Impacted code in a controller looks something like this: `class UserController < ApplicationController; def index; render file: "#{Rails.root}/some/file"; end; end`. Rendering templates…

  3. CVE-2019-5418.yaml - projectdiscovery/nuclei-templates

    impact: This vulnerability can lead to unauthorized access to sensitive information stored on the server. remediation: Apply the patch provided by the ...

  4. Vulnerability Directory | CVE-2019-5418 | Rails

    Project affected: Ruby on Rails Framework. Versions affected: 6.0.0 - <= 6.0.0.beta2; 5.2.0 - <= 5.2.2.0; all of 4.x prior to ... This exploit is in the category of Information Exposure and, as such, is considered to have…

  5. GitHub - mpgn/CVE-2019-5418: CVE-2019-5418 - File Content...

    There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents. The impact is limited to calls to render which render file…

  6. CVE-2019-5418 | High Vulnerability in Ruby on Rails

    High-severity file content disclosure vulnerability in Ruby on Rails. Patch immediately to prevent unauthorized access to sensitive data.

  7. CVE-2019-5418 Common Vulnerabilities and Exposures | SUSE

    There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. Authe…