CVE-2019-5418 — Actively Exploited: Ruby on Rails (Rails)
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
| CVE ID | CVE-2019-5418 |
|---|---|
| Vendor | Rails |
| Product | Ruby on Rails |
| Vulnerability name | Rails Ruby on Rails Path Traversal Vulnerability |
| Date added | 2025-07-07 |
| Remediation due | 2025-07-28 |
| Known ransomware use | Unknown |
| Required action | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Description | Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →