CVE-2016-2098
published 2016-04-07CVE-2016-2098: Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by…
high7.3CVSS 3.0
AVNACLPRNUINSUCLILAL
EXPLOIT
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| actionpack_project | actionpack | >= 3.0.0 < 3.2.22.2 | 3.2.22.2 |
| actionpack_project | actionpack | >= 4.0.0 < 4.1.14.2 | 4.1.14.2 |
| actionpack_project | actionpack | >= 4.2.0 < 4.2.5.2 | 4.2.5.2 |
| debian | debian_linux | — | — |
| debian | rails | < rails 2:4.2.5.2-1 (bookworm) | rails 2:4.2.5.2-1 (bookworm) |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
CVSS provenance
nvdv3.07.3HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
osv7.3HIGH