Ruby · Ruby On Rails · CVE-2016-2097
**Name of the Vulnerable Software and Affected Versions**
Ruby on Rails versions 3.2.22.1 and earlier
Ruby on Rails versions 4.1.14.1 and earlier
**Description**
A directory traversal issue in Action View allows remote attackers to read arbitrary files by providing a .. (dot dot) in a pathname, leveraging an application's unrestricted use of the render method.
**Recommendations**
For Ruby on Rails versions 3.2.22.1 and earlier, update to version 3.2.22.2 or later.
For Ruby on Rails versions 4.1.14.1 and earlier, update to version 4.1.14.2 or later.