CVE-2016-2098

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-2098

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2098.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-2098

Aliases

GHSA-78rc-8c29-p45g

Downstream

DEBIAN-CVE-2016-2098

DLA-604-1

DSA-3509-1

RHSA-2016:0454

RHSA-2016:0455

RHSA-2016:0456

SUSE-SU-2016:0854-1

SUSE-SU-2016:0867-1

SUSE-SU-2016:0967-1

SUSE-SU-2016:1146-1

SUSE-SU-2017:2716-1

openSUSE-SU-2024:10057-1

openSUSE-SU-2024:10332-1

Related

Published

2016-04-07T23:59:06.643Z

Modified

2026-02-11T07:13:05.773145Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

References

Affected packages

Git / github.com/rails/rails

Affected ranges

Type: GIT
Repo: https://github.com/rails/rails
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

375d9a0a7fb329b0fbbd75a13e93e53a00520587

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2098.json"