There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
{ "binaries": [ { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "rails" }, { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "ruby-actionmailer" }, { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "ruby-actionpack" }, { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "ruby-actionview" }, { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "ruby-activejob" }, { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "ruby-activemodel" }, { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "ruby-activerecord" }, { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "ruby-activesupport" }, { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "ruby-rails" }, { "binary_version": "2:4.2.6-1ubuntu0.1~esm2", "binary_name": "ruby-railties" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "rails" }, { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "ruby-actionmailer" }, { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "ruby-actionpack" }, { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "ruby-actionview" }, { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "ruby-activejob" }, { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "ruby-activemodel" }, { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "ruby-activerecord" }, { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "ruby-activesupport" }, { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "ruby-rails" }, { "binary_version": "2:4.2.10-0ubuntu4+esm2", "binary_name": "ruby-railties" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }