Analysis for CVE-2019-5418 File Content Disclosure on Rails
https://chybeta.github.io/2019/03/16/Analysis-for【CVE-2019-5418】File-Content-Disclosure-on-Rails/ [chybeta.github.io]
2019-03-21 10:47
See also: https://github.com/mpgn/CVE-2019-5418
See also: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
replace the Accept header with Accept: ../../../../../../../../../../etc/passwd{{
Somebody found a way to put a path traversal vuln in the Accept header. Wow.