Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Remediation

References

CVE-2016-2098

Related Vulnerabilities

MySQL CVE-2021-2299 Vulnerability (CVE-2021-2299)

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-47184)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1227)

Drupal Other Vulnerability (CVE-2006-2742)

Oracle HTTP Server CVE-2021-25219 Vulnerability (CVE-2021-25219)

Severity

High

Classification

CVE-2016-2098 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities