Описание
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.1 (исключая)
cpe:2.3:a:rubyonrails:actionpack_page-caching:*:*:*:*:*:ruby:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.0542
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 5 лет назад
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
CVSS3: 9.8
debian
больше 5 лет назад
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that ...
CVSS3: 9.8
github
больше 5 лет назад
Arbitrary file write in actionpack-page_caching gem
EPSS
Процентиль: 90%
0.0542
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22
CWE-22