CVE-2016-0752

7.5 HIGH CISA KEV - Actively Exploited
Published: February 16, 2016 Modified: October 22, 2025
View on NVD

Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
Source: secalert@redhat.com
Permissions Required
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
Source: secalert@redhat.com
Permissions Required
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0296.html
Source: secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2016/dsa-3464
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/01/25/13
Source: secalert@redhat.com
Exploit Mailing List
http://www.securityfocus.com/bid/81801
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034816
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
Source: secalert@redhat.com
Broken Link
https://www.exploit-db.com/exploits/40561/
Source: secalert@redhat.com
Exploit Third Party Advisory VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0296.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2016/dsa-3464
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/01/25/13
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Mailing List
http://www.securityfocus.com/bid/81801
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034816
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.exploit-db.com/exploits/40561/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

25 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
EPSS (Exploit Probability)
92.7%
100th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-04-15

Weaknesses (CWE)

CWE-22 CWE-22

Affected Vendors

suse redhat debian rubyonrails opensuse

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3