CVE-2016-2098

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-2098

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2098.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-2098

Aliases

GHSA-78rc-8c29-p45g

Related

Published

2016-04-07T23:59:06Z

Modified

2024-09-11T03:44:35.455053Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

References

Affected packages

Debian:11 / rails

Package

Name: rails
Purl: pkg:deb/debian/rails?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.2.5.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rails

Package

Name: rails
Purl: pkg:deb/debian/rails?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.2.5.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rails

Package

Name: rails
Purl: pkg:deb/debian/rails?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.2.5.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/rails/rails

Affected ranges

Type: GIT
Repo: https://github.com/rails/rails
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0690f6f3a47b8fddf60ac57da006f0b8bfa22e32

Last affected

15ac2f0b6b2702f180707f480eb966a4e3b96e25

Last affected

1f6113c6a9f1f2f8e362b0e7702afac5d8cf98db

Last affected

254e8e2c97b5df1dafd54cf8f305f7bad05f4a63

Last affected

276b72c60342eb716e7457b447bce1e352780e92

Last affected

2abe4b032d080f7177c6f2e34c9124c468e8a293

Last affected

31e922996b97b7c223ebc1e26d1a1a2764bb0a62

Last affected

375d9a0a7fb329b0fbbd75a13e93e53a00520587

Last affected

4e168015cef61207981d2427d4dbb6cf15f71182

Last affected

5505c1d700f17e2009e1189a7aa6dafafe7062a4

Last affected

5d101c33fa19deca00e251152d25090cc152998f

Last affected

6ac6daa43e1c5b7388f8fd69f8117eb7668887c7

Last affected

6fe2572af11dc42f33d4f0e33a22391a85f2a1d2

Last affected

73521d586981279a99d3ba038d62e2414125df7a

Last affected

7b8e4f82717fcb944eb7e712050b223bd47b544e

Last affected

7c4bfe1c954ef90acf4f790e46fcbbd07d85af3e

Last affected

98d06c6bd4eefeeb342d05116fccefa11875cb9b

Last affected

9bb76261d39b59e7e229c80d052ca91a65ff17be

Last affected

b32babc4b0ff8f830933f25375ce9dbfbb356601

Last affected

b792566f3ebdd0c7dc688db7a4076d1c2c74f69f

Last affected

bb382b7aee116446518ca4ed1c6472d6b58f42b5

Last affected

dac822ef58ae05f0e805222fa8744116080165ac

Last affected

dfa7a76de8c1f7af0ef28119f9ac3072057c665e

Last affected

f17b04a23e7c597876cb2320ef9d525537e0b0a8

Last affected

f1ccb2e6ecb5486179ee6b20438d562ac45de4f4

Affected versions

v0.*

v0.10.0

v0.10.1

v0.11.0

v0.11.1

v0.12.0

v0.13.0

v0.13.1

v0.14.1

v0.14.3

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.4.1

v0.9.5

v1.*

v1.1.0

v1.1.0_RC1

v1.1.1

v2.*

v2.0.0

v2.0.0_PR

v2.0.0_RC1

v2.0.0_RC2

v2.0.1

v2.1.0

v2.1.0_RC1

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.3.2.1

v3.*

v3.0.0.beta.2

v3.0.0.beta.3

v3.0.0.beta1

v3.0.0.beta2

v3.0.0.beta3

v3.0.0.beta4

v3.0.0_RC

v3.1.0.beta1

v3.1.0.rc1

v3.2.0.rc1

v4.*

v4.0.0.beta1

v4.0.0.rc1

v4.0.1

v4.0.1.rc1

v4.0.1.rc2

v4.0.1.rc3

v4.0.1.rc4

v4.0.2

v4.0.3

v4.0.4

v4.0.4.rc1

v4.0.5

v4.1.0

v4.1.0.beta1

v4.1.0.beta2

v4.1.0.rc1

v4.1.0.rc2

v4.1.1

v4.1.2

v4.1.2.rc1

v4.1.2.rc2

v4.1.2.rc3

v4.2.0

v4.2.0.beta1

v4.2.0.beta4

v4.2.0.rc1

v4.2.0.rc2

v4.2.0.rc3

v4.2.1

v4.2.1.rc1

v4.2.1.rc2

v4.2.1.rc3

v4.2.1.rc4

v4.2.2