ADVISORIES
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- ~> 3.2.18
- ~> 4.0.5
- >= 4.1.1
DESCRIPTION
There is a vulnerability in the ‘implicit render’ functionality in Ruby on Rails.The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the rails application server.