{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T12:16:00.733","vulnerabilities":[{"cve":{"id":"CVE-2016-2097","sourceIdentifier":"secalert@redhat.com","published":"2016-04-07T23:59:05.800","lastModified":"2025-04-12T10:46:40.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752."},{"lang":"es","value":"Vulnerabilidad de salto directorio en Action View en Ruby on Rails en versiones anteriores a 3.2.22.2 y 4.x en versiones anteriores a 4.1.14.2 permite a atacantes remotos leer archivos arbitrarios aprovechando el uso no restringido del método render de una aplicación y proporcionando un .. (punto punto) en un nombre de ruta. NOTA: esta vulnerabilidad existe por una solución incompleta para CVE-2016-0752."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*","matchCriteriaId":"2E950E33-CD03-45F5-83F9-F106060B4A8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*","matchCriteriaId":"547C62C8-4B3E-431B-AA73-5C42ED884671"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"4CDAD329-35F7-4C82-8019-A0CF6D069059"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"56D3858B-0FEE-4E8D-83C2-68AF0431F478"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*","matchCriteriaId":"254884EE-EBA4-45D0-9704-B5CB22569668"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*","matchCriteriaId":"35FC7015-267C-403B-A23D-EDA6223D2104"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*","matchCriteriaId":"5C913A56-959D-44F1-BD89-D246C66D1F09"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*","matchCriteriaId":"5D5BA926-38EE-47BE-9D16-FDCF360A503B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*","matchCriteriaId":"18EA25F1-279A-4F1A-883D-C064369F592E"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"FD794856-6F30-4ABF-8AE4-720BB75E6F89"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"B4199B8B-A6F9-4BFD-8D27-0E663D8C579D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"F11E76A3-FA5B-4038-AB52-3D7D5E54D8A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*","matchCriteriaId":"C583ACDE-55D5-4D2F-838F-BEC5BDCDE3B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"767C481D-6616-4CA9-9A9B-C994D9121796"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"D5496953-0C5E-45F8-A7FB-240CEC2CCEB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*","matchCriteriaId":"CA46B621-125E-497F-B2DE-91C989B25936"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*","matchCriteriaId":"B3239443-2E19-4540-BA0C-05A27E44CB6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*","matchCriteriaId":"104AC9CF-6611-4469-9852-7FDAF4EC7638"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"DC9E1864-B1E5-42C3-B4AF-9A002916B66D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*","matchCriteriaId":"31AC91AA-6A9A-43B4-B3E9-A66A34B6E612"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*","matchCriteriaId":"A462C151-982E-4A83-A376-025015F40645"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*","matchCriteriaId":"578CC013-776B-4868-B448-B7ACAF3AF832"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*","matchCriteriaId":"C310EA3E-399A-48FD-8DE9-6950E328CF23"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*","matchCriteriaId":"293B2998-5169-4960-BEC4-21DAC837E32B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*","matchCriteriaId":"FB42A8E7-D273-4CE2-9182-D831D8089BFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*","matchCriteriaId":"DB757DFD-BF47-4483-A2C0-DF37F7D10989"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*","matchCriteriaId":"B6C375F2-5027-4B55-9112-C5DD2F787E43"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"EAB8D57F-9849-428C-B8E9-D0A1020728BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B0359DA8-6B41-46C5-AA95-41B1B366DD4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*","matchCriteriaId":"0965BDB6-9644-465C-AA32-9278B2D53197"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*","matchCriteriaId":"7F6B15CF-37C1-4C9B-8457-4A8C9A480188"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*","matchCriteriaId":"072EB16D-1325-4869-B156-65E786A834C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"847B3C3D-8656-404D-A954-09C159EDC8E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*","matchCriteriaId":"65CA2D50-B33C-4088-BDDF-EB964C9A092C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*","matchCriteriaId":"CADB5989-5260-4F60-ACF2-BEB6D7F97654"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"509597D0-22E1-4BE8-95AD-C54FE4D15FA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*","matchCriteriaId":"B86E26CB-2376-4EBC-913C-B354E2D6711B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*","matchCriteriaId":"539C550D-FEDD-415E-95AE-40E1AE2BAF1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*","matchCriteriaId":"D5150753-E86D-4859-A046-97B83EAE2C14"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*","matchCriteriaId":"59C5B869-74FC-4051-A103-A721332B3CF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*","matchCriteriaId":"F11E9791-7BCE-43E5-A4BA-6449623FE4F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*","matchCriteriaId":"CE521626-2876-455C-9D99-DB74726DC724"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*","matchCriteriaId":"2DFDD32E-F49E-47F7-B033-B6C3C0E07FC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*","matchCriteriaId":"DCBA26F1-FBBA-444D-9C14-F15AB14A4FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*","matchCriteriaId":"16D3B0EA-49F7-401A-A1D9-437429D33EAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*","matchCriteriaId":"17EBD8B4-C4D3-44A6-9DC1-89D948F126A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*","matchCriteriaId":"FCB08CD7-E9B9-454F-BAF7-96162D177677"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*","matchCriteriaId":"0D3DA0B4-E374-4ED4-8C3B-F723C968666F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*","matchCriteriaId":"B1730A9A-6810-4470-AE6C-A5356D5BFF43"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.22.1","matchCriteriaId":"DBD4FBDC-F05B-4CDD-8928-7122397A7651"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*","matchCriteriaId":"91AB2B26-A6F1-44D2-92EB-8078DD6FD63A"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html","source":"secalert@redhat.com"},{"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3509","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/83726","source":"secalert@redhat.com"},{"url":"http://www.securitytracker.com/id/1035122","source":"secalert@redhat.com"},{"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3509","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/83726","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1035122","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}