Ruby on Rails Improper Input Validation Vulnerability (CVE-2016-2098)

Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Remediation

References

CVE-2016-2098

Related Vulnerabilities

WordPress Plugin Newsletter-Send awesome emails from WordPress SQL Injection (3.0.8)

WordPress Plugin Salon Booking System Cross-Site Scripting (6.3)

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.2.0)

WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Unspecified Vulnerability (2.2.4.1)

WordPress Plugin MAC PHOTO GALLERY 'upload-file.php' Arbitrary File Upload (2.7)

Severity

High

Classification

CVE-2016-2098 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L