COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Rails vendor

3
failure events
0
zero-days
0
RCEs
3
on KEV
0
critical
50
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 3 events

DateEventSevFlagsShameSummary
2025-07-07 CVE-2019-5418 high ⌖KEV 50 Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
2022-03-25 CVE-2016-0752 high ⌖KEV 50 Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
2022-03-25 CVE-2014-0130 high ⌖KEV 50 Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.