Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Remediation

References

CVE-2016-2098

Related Vulnerabilities

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-17081)

Oracle JRE CVE-2013-2448 Vulnerability (CVE-2013-2448)

Moodle Improper Validation of Integrity Check Value Vulnerability (CVE-2021-20184)

PHP Other Vulnerability (CVE-2007-4528)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.9)

Severity

High

Classification

CVE-2016-2098 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities