Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Remediation

References

CVE-2016-2098

Related Vulnerabilities

Oracle JRE CVE-2012-1716 Vulnerability (CVE-2012-1716)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-17081)

WordPress Plugin WooCommerce Cross-Site Scripting (2.6.8)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2007-0450)

WordPress Plugin WP-HR Manager:The Human Resources Unspecified Vulnerability (2.9.4)

Severity

High

Classification

CVE-2016-2098 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities