Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Remediation

References

CVE-2016-2098

Related Vulnerabilities

WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (4.7)

Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-41317)

WordPress Plugin Stripe Payment for WooCommerce Cross-Site Scripting (3.5.9)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26596)

Next.js Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2022-36046)

Severity

High

Classification

CVE-2016-2098 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities