Serious security vulnerabilities have been discovered in the Ruby on Rails web application framework including a remote file content disclosure flaw and a Denial of Service (DoS) vulnerability. Please read the References links below to learn if your Rails application is affected.
- CVE-2019-5418: By using specially crafted headers, attackers can view an arbitrary file’s content. 
- CVE-2019-5419: Rails applications that are rendering tempates are subject to a Denial of Service (DoS) attack. Using specially crafted headers, attackers can max out the CPU by exploiting the template location code. 
All versions of Rails before 6.0.0.beta3, 184.108.40.206, 220.127.116.11, 18.104.22.168, and 22.214.171.124 are affected.
- Upgrade to Rails versions 6.0.0.beta3, 126.96.36.199, 188.8.131.52, 184.108.40.206, or 220.127.116.11.