Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-2098 — Improper Input Validation in Ruby ON Rails

CWE-20 — Improper Input Validation CWE-94 — Code Injection12 documents9 sources

Severity

7.3HIGHNVD

EPSS

87.4%

top 0.54%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Rubyonrails Rails Actionpack Project Actionpack Rubyonrails Ruby ON Rails +1 more

Timeline

PublishedApr 7

Latest updateOct 24

Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages4 packages

▶Debianrubyonrails/rails< 2:4.2.5.2-1+3

▶NVDrubyonrails/ruby_on_rails3.2.22.1+1

▶NVDrubyonrails/rails33 versions+32

▶RubyGemsactionpack_project/actionpack3.0.0 — 3.2.22.2+2

Also affects: Debian Linux 8.0

Patches

Patch: weblog.rubyonrails.org ↗Patch: weblog.rubyonrails.org ↗

🔴Vulnerability Details

GHSA

actionpack allows remote code execution via application's unrestricted use of render method↗2017-10-24

▶

OSV

actionpack allows remote code execution via application's unrestricted use of render method↗2017-10-24

▶

OSV

CVE-2016-2098: Action Pack in Ruby on Rails before 3↗2016-04-07

▶

CVEList

CVE-2016-2098: Action Pack in Ruby on Rails before 3↗2016-04-07

▶

💥Exploits & PoCs

Exploit-DB

Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)↗2016-07-11

▶

📋Vendor Advisories

Red Hat

rubygem-actionpack: code injection vulnerability in Action View↗2016-02-29

▶

Debian

CVE-2016-2098: rails - Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x bef...↗2016

▶

💬Community

HackerOne

Remote code execution using render :inline↗2016-03-01

▶

Bugzilla

CVE-2016-2098 rubygem-actionpack: Code injection vulnerability in Action Pack [epel-5]↗2016-03-01

▶

Bugzilla

CVE-2016-2098 rubygem-actionpack: Code injection vulnerability in Action Pack [fedora-all]↗2016-03-01

▶

Bugzilla

CVE-2016-2098 rubygem-actionview, rubygem-actionpack: code injection vulnerability in Action View↗2016-02-19

▶