Arbitrary Ruby Code Execution in Action Pack
CVE-2016-2098 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Learn more about our Web Application Penetration Testing UK.