exploitDog

CVE-2016-2098

Published: 29 Feb 2016
Source: redhat
CVSS2: 6.8
EPSS: High

Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
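The three version boundaries in the description can be turned into a mechanical check over a project's Gemfile.lock. The following is an added example (written for this page, not code from Red Hat or from Rails); the lockfile excerpt is constructed, and versions outside the three stated ranges, for instance 5.x, are reported as not matching because the page gives no range for them.

```ruby
require "rubygems" # Gem::Version ships with Ruby; nothing else is needed

def ver(s)
  Gem::Version.new(s)
end

# The fixed-version boundaries quoted in the description:
# before 3.2.22.2, 4.x before 4.1.14.2, 4.2.x before 4.2.5.2.
# Each branch is compared only against the boundary that applies to it.
def in_advisory_ranges?(version_string)
  v = ver(version_string)
  if v < ver("4.0")
    v < ver("3.2.22.2")
  elsif v < ver("4.2")
    v < ver("4.1.14.2")
  elsif v < ver("5.0")
    v < ver("4.2.5.2")
  else
    false # the page states no 5.x range; nothing is asserted for it
  end
end

# Direct entries in the GEM/specs block of a Gemfile.lock are indented by
# exactly four spaces; their dependencies by six. Anchoring on four spaces
# skips "actionpack (= x.y.z)" dependency lines of other gems.
def actionpack_version_from_lockfile(lock_text)
  m = lock_text.match(/^ {4}actionpack \(([^)]+)\)\s*$/)
  m && m[1]
end

def triage_lockfile(lock_text)
  version = actionpack_version_from_lockfile(lock_text)
  return "actionpack not found in lockfile" unless version

  if in_advisory_ranges?(version)
    "actionpack #{version}: inside the CVE-2016-2098 ranges, upgrade"
  else
    "actionpack #{version}: not inside the stated ranges"
  end
end

# Constructed Gemfile.lock excerpt (hypothetical project, not real data).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.2.5.1)
        actionview (= 4.2.5.1)
        activesupport (= 4.2.5.1)
      actionview (4.2.5.1)
LOCK

puts triage_lockfile(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

Run it against a real lockfile with `triage_lockfile(File.read("Gemfile.lock"))`. Prerelease strings such as `4.2.5.2.rc1` sort below `4.2.5.2` in `Gem::Version`, so they are flagged, which is the conservative outcome.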

A code injection flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.
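The pattern the description warns about, next to a hardened form, as an added example that is not code from the page, from Red Hat or from Rails. It uses a small constructed stand-in for `render` that mirrors two documented Rails behaviours: a String argument is looked up as a template name, and a Hash argument is treated as render options, where the `:inline` option compiles its value as an ERB template (plain Ruby execution). Rack parses a bracketed query key such as `template[inline]=...` into a nested Hash, which is how a parameter passed straight to `render` can arrive as a Hash rather than a String. The controller actions, template names and request hashes below are hypothetical.

```ruby
require "erb"

# Constructed template store standing in for app/views lookup.
TEMPLATES = {
  "index" => "<h1>Index</h1>",
  "about" => "<h1>About</h1>",
}.freeze

class RenderError < StandardError; end

# Stand-in for the relevant slice of Rails' render (not Rails code).
def render_like_rails(arg)
  case arg
  when String
    TEMPLATES.fetch(arg) { raise RenderError, "missing template #{arg.inspect}" }
  when Hash
    opts = arg.transform_keys(&:to_sym) # params hashes carry string keys
    raise RenderError, "unsupported options #{opts.keys}" unless opts.key?(:inline)

    ERB.new(opts[:inline]).result(binding) # attacker-supplied Ruby runs here
  else
    raise RenderError, "bad render argument #{arg.class}"
  end
end

# Vulnerable pattern: untrusted input handed straight to render.
def vulnerable_action(params)
  render_like_rails(params["template"])
end

# Hardened form: require a String and check it against an allowlist, so a
# Hash (or any unexpected template name) never reaches render.
ALLOWED_TEMPLATES = %w[index about].freeze

def hardened_action(params)
  name = params["template"]
  unless name.is_a?(String) && ALLOWED_TEMPLATES.include?(name)
    raise RenderError, "template not allowed: #{name.inspect}"
  end
  render_like_rails(name)
end

# Constructed request params: what Rack yields for ?template=index and for
# ?template[inline]=<%= 6 * 7 %> (URL-encoded on the wire).
BENIGN_PARAMS    = { "template" => "index" }.freeze
MALICIOUS_PARAMS = { "template" => { "inline" => "<%= 6 * 7 %>" } }.freeze

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_action(BENIGN_PARAMS)    # <h1>Index</h1>
  puts vulnerable_action(MALICIOUS_PARAMS) # 42: the client's Ruby was evaluated
  begin
    hardened_action(MALICIOUS_PARAMS)
  rescue RenderError => e
    puts "blocked: #{e.message}"
  end
end
```

The point of the `is_a?(String)` test is that the allowlist alone would not save a controller that first coerces with `to_s`: the problem is the shape of the argument, not only its value, so reject anything that is not a known template name before `render` sees it.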

Affected packages

Platform                                                      Package                        State          Advisory         Release
CloudForms Management Engine 5.2                              ruby193-rubygem-actionpack     Affected
CloudForms Management Engine 5.3                              ruby193-rubygem-actionpack     Affected
Red Hat Software Collections                                  rh-ror42-rubygem-actionview    Not affected
Red Hat Subscription Asset Manager                            ruby193-rubygem-actionpack     Will not fix
Red Hat Subscription Asset Manager                            rubygem-actionpack             Will not fix
Red Hat Software Collections for Red Hat Enterprise Linux 6   ror40-rubygem-actionpack       Fixed          RHSA-2016:0454   15 Mar 2016
Red Hat Software Collections for Red Hat Enterprise Linux 6   ror40-rubygem-activerecord     Fixed          RHSA-2016:0454   15 Mar 2016
Red Hat Software Collections for Red Hat Enterprise Linux 6   ror40-rubygem-activesupport    Fixed          RHSA-2016:0454   15 Mar 2016
Red Hat Software Collections for Red Hat Enterprise Linux 6   ruby193-rubygem-actionpack     Fixed          RHSA-2016:0455   15 Mar 2016
Red Hat Software Collections for Red Hat Enterprise Linux 6   ruby193-rubygem-activerecord   Fixed          RHSA-2016:0455   15 Mar 2016


Additional information

Status: Important
Defect: CWE-94
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1310054
  rubygem-actionpack: code injection vulnerability in Action View

EPSS: 0.8743 (percentile: 99%), High
CVSS2: 6.8 (Medium)

Related vulnerabilities

ubuntu (CVSS3: 7.3, almost 10 years ago)
  Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

nvd (CVSS3: 7.3, almost 10 years ago)
  Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

debian (CVSS3: 7.3, almost 10 years ago)
  Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ...

suse-cvrf (almost 10 years ago)
  Security update for rubygem-actionview-4_2

github (CVSS3: 7.3, more than 8 years ago)
  actionpack allows remote code execution via application's unrestricted use of render method
