Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. Combining this with log injection, remote code execution can be achieved.
CVE Link
Exploit Platform
Exploit Type
Product Name