PT-2016-5015 · Ruby+1 · Ruby On Rails+1

Rageltman

Publicado

2016-03-09

Atualizado

2024-06-15

CVE-2016-2098

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ruby on Rails versions 3.2.x through 3.2.22.1 Ruby on Rails versions 4.0.x through 4.1.14.1 Ruby on Rails versions 4.2.x through 4.2.5.1

Description The issue allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Recommendations For versions 3.2.x through 3.2.22.1, update to version 3.2.22.2 or later. For versions 4.0.x through 4.1.14.1, update to version 4.1.14.2 or later. For versions 4.2.x through 4.2.5.1, update to version 4.2.5.2 or later.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2016-2098

DLA-604-1

DSA-3509-1

GHSA-78RC-8C29-P45G

GHSA-HX46-VWMX-WX95

OPENSUSE-SU-2016_0790-1

OPENSUSE-SU-2016_0835-1

OPENSUSE-SU-2024:10057-1

OPENSUSE-SU-2024:10332-1

RHSA-2016:0454

RHSA-2016:0455

RHSA-2016:0456

SUSE-SU-2016:0854-1

SUSE-SU-2016:0867-1

SUSE-SU-2016:0967-1

SUSE-SU-2016:1146-1

SUSE-SU-2016_0967-1

SUSE-SU-2016_1146-1

SUSE-SU-2017:2716-1

Produtos afetados

Ruby On Rails

Suse

PT-2016-5015 · Ruby+1 · Ruby On Rails+1

CVE-2016-2098

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 69