Rails Action View - Path Traversal (CVE-2019-5418)
184Exploiting IPs reported
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CrowdSec analysis
CVE-2019-5418 is a file content disclosure vulnerability in multiple versions of Rails' Action View, where attackers can exploit specially crafted HTTP accept headers to access arbitrary files on the server. This flaw could be leveraged by remote, unauthenticated attackers to read sensitive files, potentially exposing confidential information and aiding in further attacks.
CrowdSec has been tracking this vulnerability and its exploits since 5th of August 2025.
Data from the CrowdSec community indicates that exploitation of CVE-2019-5418 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. In addition, according to the CrowdSec network, attack volume against CVE-2019-5418 has dipped slightly compared to the previous week. Although still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.
Attackers exploit this vulnerability by sending GET requests with a malicious Accept header containing path traversal sequences to disclose sensitive files, but detection is not possible without header inspection.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.