HTTP: Ruby on Rails Dynamic Render Arbitrary File Read

This signature detects attempts to exploit a known vulnerability in the dynamic render handling of Ruby on Rails. A successful attack can lead to directory traversal and arbitrary code execution.

Extended Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Affected Products

Redhat software_collections

References

BugTraq: 81801

CVE: CVE-2016-0752

Short Name: HTTP:DIR:RUBY-ON-RAIL-RENDER

Severity: Warning

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: Arbitrary CVE-2016-0752 Dynamic File Rails Read Render Ruby bid:81801 on

Release Date: 06/19/2025

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3819

False Positive: Unknown

Vendors

Rubyonrails

Debian

Opensuse

Suse

Redhat
