PT-2006-4952 · Ruby · Ruby On Rails
Published: 2006-08-14 · Updated: 2019-08-08 · CVE-2006-4111
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Ruby on Rails versions prior to 1.1.5
Description
The issue allows remote attackers to execute Ruby code, with severe or serious impact. This is achieved via a File Upload request that modifies the LOAD_PATH variable through an HTTP header.
Recommendations
For versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to minimize the risk of exploitation.
Exploit
Fix
RCE
Code Injection
Affected Products
Ruby On Rails