E19-0uvu1
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
False Positive: t
Variants: 2
Year: 2019
Description
This strike replicates an attack on Ruby on Rails that leads to arbitrary file disclosure. The vulnerability lies in the lack of validation of the "Accept" header, which is parsed in the "template_renderer.rb" file to select the template file to be rendered. By exploiting this, a remote unauthenticated attacker can read arbitrary files on the host system.
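The following is an added illustration, not code from Rails or from the strike itself, of the defensive pattern that closes this class of bug: the Accept header is parsed into media types and mapped through a fixed allowlist to a response format, so the header value never reaches the template lookup as a file name. The allowlist, the format symbols and the function names are assumptions chosen for the example.

```ruby
# Added example (not Rails' own code): allowlist-based content negotiation.
# The media-type table below is an assumption for illustration; a real
# application would register exactly the formats it can render.
ALLOWED_FORMATS = {
  'text/html'        => :html,
  'application/json' => :json,
  'application/xml'  => :xml,
  'text/plain'       => :text,
  '*/*'              => :html   # wildcard falls back to the default
}.freeze

DEFAULT_FORMAT = :html

# Parse an Accept header into an ordered list of [media_type, q] pairs.
# Only the media-type token and its q parameter are kept; any other
# parameters are ignored, and malformed q values are treated as q=0.
def parse_accept(header)
  return [] if header.nil?

  header.split(',').filter_map do |entry|
    parts = entry.strip.split(';').map(&:strip)
    media = parts.shift.to_s.downcase
    next if media.empty?

    q = 1.0
    parts.each do |param|
      key, value = param.split('=', 2)
      next unless key == 'q'
      q = begin
        Float(value)
      rescue ArgumentError, TypeError
        0.0
      end
    end
    [media, q]
  end
end

# Choose the response format: the highest-q media type present in the
# allowlist wins (ties keep header order). A value that is not a registered
# media type is simply dropped, never used to build a template path, and
# DEFAULT_FORMAT is returned when nothing acceptable remains.
def negotiate_format(header)
  candidates = parse_accept(header)
               .select { |media, q| q > 0 && ALLOWED_FORMATS.key?(media) }
               .sort_by.with_index { |(_, q), i| [-q, i] }
  best = candidates.first
  best ? ALLOWED_FORMATS[best[0]] : DEFAULT_FORMAT
end

if __FILE__ == $PROGRAM_NAME
  ['application/json', 'text/html;q=0.5, application/json;q=0.9',
   'image/webp', nil].each do |h|
    puts "#{h.inspect} -> #{negotiate_format(h)}"
  end
end
```

The key property is that the template to render is derived from the symbol the allowlist returns, not from the header text, so an unexpected header value can only produce the default format.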