Candidate: CVE-2019-5418
PublicDate: 2019-03-27 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418
 https://www.openwall.com/lists/oss-security/2019/03/13/5
Description:
 There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Ubuntu-Description:
Notes:
 seth-arnold> In Oneiric-Saucy, rails package is just for transition;
 seth-arnold> The rails package contains actual code from vivid onward
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_rails:
upstream_rails: released (2:4.1.8-1+deb8u5, 2:4.2.7.1-1+deb9u1, 2:5.2.2.1+dfsg-1)
precise/esm_rails: DNE
trusty_rails: not-affected (contains no code)
trusty/esm_rails: DNE (trusty was not-affected [contains no code])
xenial_rails: ignored (end of standard support, was needed)
bionic_rails: needed
cosmic_rails: ignored (reached end-of-life)
disco_rails: ignored (reached end-of-life)
eoan_rails: not-affected (2:5.2.2.1+dfsg-1ubuntu1)
focal_rails: not-affected (2:5.2.2.1+dfsg-1ubuntu1)
groovy_rails: not-affected (2:5.2.2.1+dfsg-1ubuntu1)
hirsute_rails: not-affected (2:5.2.2.1+dfsg-1ubuntu1)
impish_rails: not-affected (2:5.2.2.1+dfsg-1ubuntu1)
jammy_rails: not-affected (2:5.2.2.1+dfsg-1ubuntu1)
devel_rails: not-affected (2:5.2.2.1+dfsg-1ubuntu1)

Patches_ruby-rails-3.2:
upstream_ruby-rails-3.2: needs-triage
precise/esm_ruby-rails-3.2: DNE
trusty_ruby-rails-3.2: ignored (reached end-of-life)
trusty/esm_ruby-rails-3.2: DNE (trusty was needs-triage)
xenial_ruby-rails-3.2: DNE
bionic_ruby-rails-3.2: DNE
cosmic_ruby-rails-3.2: DNE
disco_ruby-rails-3.2: DNE
eoan_ruby-rails-3.2: DNE
focal_ruby-rails-3.2: DNE
groovy_ruby-rails-3.2: DNE
hirsute_ruby-rails-3.2: DNE
impish_ruby-rails-3.2: DNE
jammy_ruby-rails-3.2: DNE
devel_ruby-rails-3.2: DNE

Patches_ruby-actionpack-3.2:
upstream_ruby-actionpack-3.2: needs-triage
precise/esm_ruby-actionpack-3.2: DNE
trusty_ruby-actionpack-3.2: ignored (reached end-of-life)
trusty/esm_ruby-actionpack-3.2: DNE (trusty was needs-triage)
xenial_ruby-actionpack-3.2: DNE
bionic_ruby-actionpack-3.2: DNE
cosmic_ruby-actionpack-3.2: DNE
disco_ruby-actionpack-3.2: DNE
eoan_ruby-actionpack-3.2: DNE
focal_ruby-actionpack-3.2: DNE
groovy_ruby-actionpack-3.2: DNE
hirsute_ruby-actionpack-3.2: DNE
impish_ruby-actionpack-3.2: DNE
jammy_ruby-actionpack-3.2: DNE
devel_ruby-actionpack-3.2: DNE

Patches_ruby-activesupport-3.2:
upstream_ruby-activesupport-3.2: needs-triage
precise/esm_ruby-activesupport-3.2: DNE
trusty_ruby-activesupport-3.2: ignored (reached end-of-life)
trusty/esm_ruby-activesupport-3.2: DNE (trusty was needs-triage)
xenial_ruby-activesupport-3.2: DNE
bionic_ruby-activesupport-3.2: DNE
cosmic_ruby-activesupport-3.2: DNE
disco_ruby-activesupport-3.2: DNE
eoan_ruby-activesupport-3.2: DNE
focal_ruby-activesupport-3.2: DNE
groovy_ruby-activesupport-3.2: DNE
hirsute_ruby-activesupport-3.2: DNE
impish_ruby-activesupport-3.2: DNE
jammy_ruby-activesupport-3.2: DNE
devel_ruby-activesupport-3.2: DNE

Patches_ruby-activerecord-3.2:
upstream_ruby-activerecord-3.2: needs-triage
precise/esm_ruby-activerecord-3.2: DNE
trusty_ruby-activerecord-3.2: ignored (reached end-of-life)
trusty/esm_ruby-activerecord-3.2: DNE (trusty was needs-triage)
xenial_ruby-activerecord-3.2: DNE
bionic_ruby-activerecord-3.2: DNE
cosmic_ruby-activerecord-3.2: DNE
disco_ruby-activerecord-3.2: DNE
eoan_ruby-activerecord-3.2: DNE
focal_ruby-activerecord-3.2: DNE
groovy_ruby-activerecord-3.2: DNE
hirsute_ruby-activerecord-3.2: DNE
impish_ruby-activerecord-3.2: DNE
jammy_ruby-activerecord-3.2: DNE
devel_ruby-activerecord-3.2: DNE

Patches_ruby-activemodel-3.2:
upstream_ruby-activemodel-3.2: needs-triage
precise/esm_ruby-activemodel-3.2: DNE
trusty_ruby-activemodel-3.2: ignored (reached end-of-life)
trusty/esm_ruby-activemodel-3.2: DNE (trusty was needs-triage)
xenial_ruby-activemodel-3.2: DNE
bionic_ruby-activemodel-3.2: DNE
cosmic_ruby-activemodel-3.2: DNE
disco_ruby-activemodel-3.2: DNE
eoan_ruby-activemodel-3.2: DNE
focal_ruby-activemodel-3.2: DNE
groovy_ruby-activemodel-3.2: DNE
hirsute_ruby-activemodel-3.2: DNE
impish_ruby-activemodel-3.2: DNE
jammy_ruby-activemodel-3.2: DNE
devel_ruby-activemodel-3.2: DNE

Patches_rails-4.0:
upstream_rails-4.0: needs-triage
precise/esm_rails-4.0: DNE
trusty_rails-4.0: ignored (reached end-of-life)
trusty/esm_rails-4.0: DNE (trusty was needs-triage)
xenial_rails-4.0: DNE
bionic_rails-4.0: DNE
cosmic_rails-4.0: DNE
disco_rails-4.0: DNE
eoan_rails-4.0: DNE
focal_rails-4.0: DNE
groovy_rails-4.0: DNE
hirsute_rails-4.0: DNE
impish_rails-4.0: DNE
jammy_rails-4.0: DNE
devel_rails-4.0: DNE