CVE-2019-5418

Vendor: Rails
Product: https://github.com/rails/rails
Weakness: CWE-22 · Path traversal
KEV Status: Known Exploited
Published: March 27, 2019
Last update: October 21, 2025

What the vulnerability does

01 Description

There is a file content disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted Accept headers can cause the contents of arbitrary files on the target system's filesystem to be exposed.

CISA mandated remediation

02 CISA Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Key dates

03 Disclosure timeline

March 27, 2019: CVE published
October 21, 2025: Record updated