Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-2098

Опубликовано: 07 апр. 2016
Источник: nvd
CVSS3: 7.3
CVSS2: 7.5
EPSS Высокий

Описание

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
Версия до 3.2.22.1 (включая)
cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.8743
Высокий

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2016-2098

CVSS3: 7.3
ubuntu
почти 10 лет назад

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

redhat логотип

CVE-2016-2098

redhat
почти 10 лет назад

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

debian логотип

CVE-2016-2098

CVSS3: 7.3
debian
почти 10 лет назад

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ...

suse-cvrf логотип

openSUSE-SU-2016:0790-1

suse-cvrf
почти 10 лет назад

Security update for rubygem-actionview-4_2

github логотип

GHSA-78rc-8c29-p45g

CVSS3: 7.3
github
больше 8 лет назад

actionpack allows remote code execution via application's unrestricted use of render method

EPSS

Процентиль: 99%
0.8743
Высокий

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20