FreeBSD: rails -- multiple vulnerabilities (Multiple CVEs)
|8||(AV:N/AC:L/Au:N/C:P/I:P/A:P)||February 28, 2016||March 06, 2016||October 29, 2017|
Action Pack in Ruby on Rails before 188.8.131.52, 4.x before 184.108.40.206, and 4.2.x before 220.127.116.11 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
- URL: http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
- URL: https://groups.google.com/d/msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
- URL: https://groups.google.com/d/msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ