CVE-2016-2098

Published: Apr 7, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SU-2016:0867

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:0967

vendor-advisory

x_refsource_SUSE

DSA-3509

vendor-advisory

x_refsource_DEBIAN

83725

vdb-entry

x_refsource_BID

1035122

vdb-entry

x_refsource_SECTRACK

40086

exploit

x_refsource_EXPLOIT-DB

SUSE-SU-2016:0854

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2016:0790

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:1146

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2016:0835

vendor-advisory

x_refsource_SUSE

[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack

mailing-list

x_refsource_MLIST

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-2098

Description

Affected Products

References