Arbitrary Ruby Code Execution in Action Pack

CVE-2016-2098 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
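To check whether an application's resolved dependency falls in the affected ranges above, the following added example (not code from the advisory or from the Rails project) reads the `actionpack` version out of `Gemfile.lock` text and compares it against the fixed releases listed. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version

# Fixed releases per branch, taken from the advisory text above.
FIXED_3X  = Gem::Version.new("3.2.22.2")
FIXED_4X  = Gem::Version.new("4.1.14.2")
FIXED_42X = Gem::Version.new("4.2.5.2")

# Constructed sample lockfile fragment (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.2.5.1)
        actionview (= 4.2.5.1)
        rack (~> 1.6)
      actionview (4.2.5.1)
LOCK

# Returns the resolved actionpack version from Gemfile.lock text, or nil.
def locked_actionpack_version(lockfile_text)
  # Resolved specs are indented four spaces; dependency constraints
  # (six spaces, e.g. "(= 4.2.5.1)") are deliberately not matched.
  m = lockfile_text.match(/^ {4}actionpack \(([^)\s]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# True when the version is inside one of the ranges the advisory lists.
def affected_by_cve_2016_2098?(version)
  # Use the release segments so a prerelease such as 4.2.0.beta1 is
  # judged against the 4.2.x branch rather than the older 4.x one.
  major, minor = version.release.segments
  minor ||= 0
  fixed =
    if major < 4 then FIXED_3X
    elsif major == 4 && minor < 2 then FIXED_4X
    elsif major == 4 && minor == 2 then FIXED_42X
    else return false # outside the ranges the advisory lists
    end
  version < fixed
end

if __FILE__ == $0
  v = locked_actionpack_version(SAMPLE_LOCK)
  status = affected_by_cve_2016_2098?(v) ? "AFFECTED, upgrade" : "not in affected range"
  puts "actionpack #{v}: #{status}"
end
```

A patched version only closes the framework side; controllers that pass request parameters straight to `render` should still be reviewed.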
