Ruby · Ruby On Rails · CVE-2020-8163
**Name of the Vulnerable Software and Affected Versions**
Ruby on Rails versions prior to 5.0.1
**Description**
The issue is a code injection vulnerability: an attacker who controls the `locals` argument of a `render` call can achieve remote code execution (RCE). The underlying weakness is that Rails did not adequately control the Ruby code it generates from the `locals` it receives. Successful exploitation can let a remote attacker read confidential data, tamper with it, and cause a denial of service.
**Recommendations**
For versions prior to 5.0.1, update to version 5.0.1 or later to resolve the issue.
As a temporary workaround until the patch is applied, restrict access to `render` calls that take request-derived data and limit what callers can control in the `locals` argument, in particular the local names (hash keys).
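The following is an added example of the workaround above, written for this page and not taken from the advisory or from Rails itself. It assumes a hypothetical allowlist `ALLOWED_LOCALS` of the local names a partial actually uses, and applies an identifier check comparable in spirit to the one the Rails fix added, so that request-derived hashes can be handed to `render` as `locals` only after untrusted keys have been stripped or rejected.

```ruby
# Added example (not from the advisory or Rails): guard request-derived data
# before it reaches `render ..., locals: ...` on an unpatched Rails release.
require 'set'

# Assumed allowlist: the only local names the partial in question uses.
ALLOWED_LOCALS = Set.new(%i[title body author]).freeze

# ActionView turns each locals key into a Ruby local variable name in the
# generated template code, so a key must be a plain lowercase identifier.
IDENTIFIER = /\A[a-z_][a-zA-Z0-9_]*\z/

class UnsafeLocalName < ArgumentError; end

# True only for strings that are shaped like a Ruby local variable name.
def valid_local_name?(name)
  name.to_s.match?(IDENTIFIER)
end

# Raises on the first key that is not identifier-shaped. Useful as a hard
# stop in a before-render hook: such a key means untrusted input reached
# the render path and should be treated as an attack signal, not cleaned up.
def validate_locals!(locals)
  locals.each_key do |key|
    next if valid_local_name?(key)
    raise UnsafeLocalName, "rejected local name: #{key.to_s.inspect}"
  end
  locals
end

# Returns a new Hash with symbol keys, keeping only allowlisted names.
# Because the allowlist itself is made of identifiers, anything that
# survives is safe to pass as `locals`; everything else is dropped.
def safe_locals(raw, allowed: ALLOWED_LOCALS)
  raw.each_with_object({}) do |(key, value), out|
    sym = key.to_s.to_sym
    out[sym] = value if allowed.include?(sym)
  end
end

# Constructed sample: a request hash with one benign extra key and one key
# that could never be a local variable name.
SAMPLE_PARAMS = { 'title' => 'Hello', 'extra' => 1, 'bad key!' => 'x' }.freeze

# In a controller this would be:
#   render partial: 'post', locals: safe_locals(params.to_unsafe_h)
```

`safe_locals` is the quieter option (drop what is not expected); `validate_locals!` is the loud one (fail and log), and running both gives a filtered hash plus a detection signal when malformed keys show up.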