There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "rails" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-actioncable" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-actionmailer" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-actionpack" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-actionview" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-activejob" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-activemodel" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-activerecord" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-activestorage" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-activesupport" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-rails" }, { "binary_version": "2:5.2.2.1+dfsg-1ubuntu1", "binary_name": "ruby-railties" } ] }