Rails - Path Traversal (CVE-2019-5418)

CVE-2019-5418 is a file content disclosure vulnerability in multiple versions of Rails' Action View, where attackers can exploit specially crafted HTTP accept headers to access arbitrary files on the server. This flaw could be leveraged by remote, unauthenticated attackers to read sensitive files, potentially exposing confidential information and aiding in further attacks.

CrowdSec has been tracking this vulnerability and its exploits since 5th of August 2025.

Data from the CrowdSec community indicates that exploitation of CVE-2019-5418 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2019-5418 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2019-5418 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit this vulnerability by sending GET requests with a malicious Accept header containing path traversal sequences to disclose sensitive files, but detection is not possible without header inspection.