Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Remediation

References

CVE-2016-2098

Related Vulnerabilities

WordPress Plugin LearnPress-WordPress LMS Cross-Site Request Forgery (3.2.7.2)

Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25608)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.8.6)

WordPress Plugin StoryChief Cross-Site Scripting (1.0.30)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11876)

Severity

High

Classification

CVE-2016-2098 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities