[ { "id": 175966226, "name": "CVE-2019-5418", "full_name": "mpgn\/CVE-2019-5418", "owner": { "login": "mpgn", "id": 5891788, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5891788?v=4", "html_url": "https:\/\/github.com\/mpgn" }, "html_url": "https:\/\/github.com\/mpgn\/CVE-2019-5418", "description": "CVE-2019-5418 - File Content Disclosure on Ruby on Rails", "fork": false, "created_at": "2019-03-16T11:58:18Z", "updated_at": "2023-09-28T10:59:28Z", "pushed_at": "2021-04-05T21:28:36Z", "stargazers_count": 192, "watchers_count": 192, "has_discussions": false, "forks_count": 24, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [ "rails" ], "visibility": "public", "forks": 24, "watchers": 192, "score": 0, "subscribers_count": 4 }, { "id": 176323109, "name": "CVE-2019-5418", "full_name": "omarkurt\/CVE-2019-5418", "owner": { "login": "omarkurt", "id": 1712468, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1712468?v=4", "html_url": "https:\/\/github.com\/omarkurt" }, "html_url": "https:\/\/github.com\/omarkurt\/CVE-2019-5418", "description": "File Content Disclosure on Rails Test Case - CVE-2019-5418", "fork": false, "created_at": "2019-03-18T16:09:13Z", "updated_at": "2021-06-23T14:36:20Z", "pushed_at": "2019-03-18T16:15:25Z", "stargazers_count": 5, "watchers_count": 5, "has_discussions": false, "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [ "cve-2019-5418", "ror", "vulnerable-app" ], "visibility": "public", "forks": 2, "watchers": 5, "score": 0, "subscribers_count": 0 }, { "id": 176545257, "name": "CVE-2019-5418-Scanner", "full_name": "brompwnie\/CVE-2019-5418-Scanner", "owner": { "login": "brompwnie", "id": 8638589, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8638589?v=4", "html_url": "https:\/\/github.com\/brompwnie" }, "html_url": "https:\/\/github.com\/brompwnie\/CVE-2019-5418-Scanner", "description": "A multi-threaded Golang scanner to identify Ruby endpoints vulnerable to CVE-2019-5418", "fork": false, "created_at": "2019-03-19T15:38:01Z", "updated_at": "2023-09-28T10:59:36Z", "pushed_at": "2019-03-21T17:26:06Z", "stargazers_count": 35, "watchers_count": 35, "has_discussions": false, "forks_count": 16, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", "forks": 16, "watchers": 35, "score": 0, "subscribers_count": 3 }, { "id": 177236589, "name": "Rails-doubletap-RCE", "full_name": "mpgn\/Rails-doubletap-RCE", "owner": { "login": "mpgn", "id": 5891788, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5891788?v=4", "html_url": "https:\/\/github.com\/mpgn" }, "html_url": "https:\/\/github.com\/mpgn\/Rails-doubletap-RCE", "description": "RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)", "fork": false, "created_at": "2019-03-23T02:52:31Z", "updated_at": "2023-10-08T11:50:30Z", "pushed_at": "2023-01-19T12:13:40Z", "stargazers_count": 127, "watchers_count": 127, "has_discussions": false, "forks_count": 32, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [ "rails" ], "visibility": "public", "forks": 32, "watchers": 127, "score": 0, "subscribers_count": 7 }, { "id": 178527770, "name": "CVE-2019-5418", "full_name": "takeokunn\/CVE-2019-5418", "owner": { "login": "takeokunn", "id": 11222510, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11222510?v=4", "html_url": "https:\/\/github.com\/takeokunn" }, "html_url": "https:\/\/github.com\/takeokunn\/CVE-2019-5418", "description": null, "fork": false, "created_at": "2019-03-30T07:40:11Z", "updated_at": "2019-10-24T19:07:56Z", "pushed_at": "2019-03-30T07:54:58Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", "forks": 2, "watchers": 2, "score": 0, "subscribers_count": 2 }, { "id": 178909066, "name": "RailroadBandit", "full_name": "Bad3r\/RailroadBandit", "owner": { "login": "Bad3r", "id": 25513724, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25513724?v=4", "html_url": "https:\/\/github.com\/Bad3r" }, "html_url": "https:\/\/github.com\/Bad3r\/RailroadBandit", "description": "a demo for Ruby on Rails CVE-2019-5418", "fork": false, "created_at": "2019-04-01T17:02:57Z", "updated_at": "2023-04-12T09:49:39Z", "pushed_at": "2019-04-11T22:45:52Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", "forks": 0, "watchers": 2, "score": 0, "subscribers_count": 1 }, { "id": 212888337, "name": "CVE-2019-5418-Rails3", "full_name": "ztgrace\/CVE-2019-5418-Rails3", "owner": { "login": "ztgrace", "id": 2554037, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2554037?v=4", "html_url": "https:\/\/github.com\/ztgrace" }, "html_url": "https:\/\/github.com\/ztgrace\/CVE-2019-5418-Rails3", "description": "Rails 3 PoC of CVE-2019-5418", "fork": false, "created_at": "2019-10-04T19:28:10Z", "updated_at": "2019-10-04T19:29:56Z", "pushed_at": "2023-07-13T22:14:58Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", "forks": 1, "watchers": 0, "score": 0, "subscribers_count": 2 }, { "id": 222660643, "name": "CVE-2019-5418", "full_name": "random-robbie\/CVE-2019-5418", "owner": { "login": "random-robbie", "id": 4902869, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4902869?v=4", "html_url": "https:\/\/github.com\/random-robbie" }, "html_url": "https:\/\/github.com\/random-robbie\/CVE-2019-5418", "description": null, "fork": false, "created_at": "2019-11-19T09:40:06Z", "updated_at": "2021-04-26T19:41:51Z", "pushed_at": "2019-11-19T09:41:18Z", "stargazers_count": 5, "watchers_count": 5, "has_discussions": false, "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", "forks": 1, "watchers": 5, "score": 0, "subscribers_count": 3 }, { "id": 552810113, "name": "CVE-2019-5418", "full_name": "kailing0220\/CVE-2019-5418", "owner": { "login": "kailing0220", "id": 115863969, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/115863969?v=4", "html_url": "https:\/\/github.com\/kailing0220" }, "html_url": "https:\/\/github.com\/kailing0220\/CVE-2019-5418", "description": "Ruby on Rails是一个 Web 应用程序框架,是一个相对较新的 Web 应用程序框架,构建在 Ruby 语言之上。这个漏洞主要是由于Ruby on Rails使用了指定参数的render file来渲染应用之外的视图,我们可以通过修改访问某控制器的请求包,通过“…\/…\/…\/…\/”来达到路径穿越的目的,然后再通过“{{”来进行模板查询路径的闭合,使得所要访问的文件被当做外部模板来解析。", "fork": false, "created_at": "2022-10-17T09:04:43Z", "updated_at": "2023-01-13T12:24:23Z", "pushed_at": "2022-10-17T09:17:42Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", "forks": 0, "watchers": 2, "score": 0, "subscribers_count": 1 } ]