Critical File Content Disclosure & DoS Vulnerabilities in Ruby on Rails (CVE-2019-5418)

March 14, 2019


Serious security vulnerabilities have been discovered in the Ruby on Rails web application framework including a remote file content disclosure flaw and a Denial of Service (DoS) vulnerability. Please read the References links below to learn if your Rails application is affected.


  • CVE-2019-5418: By using specially crafted headers, attackers can view an arbitrary file’s content. [1]
  • CVE-2019-5419: Rails applications that are rendering templates are subject to a Denial of Service (DoS) attack. Using specially crafted headers, attackers can max out the CPU by exploiting the template location code. [1]


  • All versions of Rails before 6.0.0.beta3,,,, and are affected.


  • Upgrade to Rails versions 6.0.0.beta3,,,, or
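To check whether an application's pinned Rails release falls into the affected range, the following added example (not part of the advisory) reads the `rails` entry from a Gemfile.lock and compares it against the fixed release of the same series with `Gem::Version`, which orders pre-releases such as `6.0.0.beta2` before `6.0.0.beta3`. Only `6.0.0.beta3` is taken from the text above; the other fixed releases are placeholders to be filled in from the referenced advisory, and the Gemfile.lock excerpt is constructed.

```ruby
require "rubygems" # Gem::Version

# Fixed releases per Rails series. 6.0.0.beta3 is the one named in the advisory
# text above; the commented entries are PLACEHOLDERS to be filled in from the
# references (one fixed release per supported series).
FIXED_RELEASES = [
  "6.0.0.beta3",
  # "X.Y.Z.W", # placeholder: fixed 5.2.x release
  # "X.Y.Z.W", # placeholder: fixed 5.1.x release
].map { |v| Gem::Version.new(v) }

# "major.minor" key used to pair an installed version with the fix for its series.
def series(version)
  version.segments.first(2).join(".")
end

# Classify an installed Rails version as :affected, :fixed or :unknown_series.
# A version older than every fixed release is affected; a version at or above
# the newest fixed release is fixed; anything else in a series without a known
# fix must be looked up in the advisory.
def rails_status(installed, fixed = FIXED_RELEASES)
  v = Gem::Version.new(installed)
  fix = fixed.find { |f| series(f) == series(v) }
  return(v < fix ? :affected : :fixed) if fix
  return :affected if v < fixed.min
  return :fixed if v >= fixed.max
  :unknown_series
end

# Pull the rails version pinned under "specs:" in a Gemfile.lock
# (gem entries sit at four spaces of indentation, e.g. "    rails (6.0.0.beta2)").
def rails_version_from_lock(lock_text)
  m = lock_text.match(/^ {4}rails \(([^)]+)\)/)
  m && m[1]
end

# Constructed Gemfile.lock excerpt for demonstration.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (6.0.0.beta2)
        actionpack (= 6.0.0.beta2)
LOCK

if __FILE__ == $PROGRAM_NAME
  version = rails_version_from_lock(SAMPLE_LOCK)
  puts "rails #{version}: #{rails_status(version)}"
end
```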