Описание
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the locals argument of a render call to perform a RCE.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListPatchThird Party Advisory
- Permissions RequiredThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListPatchThird Party Advisory
- Permissions RequiredThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
The is a code injection vulnerability in versions of Rails prior to 5. ...
Remote code execution via user-provided local names in ActionView
Уязвимость компонента модуля из module/delegation.rb программной платформы Ruby on Rails, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2