Oval Definition:oval:com.ubuntu.bionic:def:20162097000
Revision Date:2016-04-07Version:1
Title:CVE-2016-2097 on Ubuntu 18.04 LTS (bionic) - medium.
Description:Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2016-2097
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND NOT While related to the CVE in some way, the 'rails' package in bionic is not affected (note: '2:4.2.5.2-1').
  • BACK