Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2016-2098

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

CVSS v3:

  • Severity: High
  • Score: 7.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
debian / debian_linux 8.0 8.0.x
rubyonrails / ruby_on_rails 4.1.14.1 4.1.14.1.x
rubyonrails / ruby_on_rails - 3.2.22.1.x
rubyonrails / rails 4.0.0 4.0.0.x
rubyonrails / rails 4.0.1 4.0.1.x
rubyonrails / rails 4.0.2 4.0.2.x
rubyonrails / rails 4.0.6-rc3 4.0.6-rc3.x
rubyonrails / rails 4.1.0-beta1 4.1.0-beta1.x
rubyonrails / rails 4.1.0-beta2 4.1.0-beta2.x
rubyonrails / rails 4.1.0-rc1 4.1.0-rc1.x
rubyonrails / rails 4.1.0-rc2 4.1.0-rc2.x
rubyonrails / rails 4.1.2-rc1 4.1.2-rc1.x
rubyonrails / rails 4.1.2-rc2 4.1.2-rc2.x
rubyonrails / rails 4.1.2 4.1.2.x
rubyonrails / rails 4.1.2-rc3 4.1.2-rc3.x
rubyonrails / rails 4.1.6-rc1 4.1.6-rc1.x
rubyonrails / rails 4.1.6-rc2 4.1.6-rc2.x
rubyonrails / rails 4.1.9-rc1 4.1.9-rc1.x
rubyonrails / rails 4.1.10-rc1 4.1.10-rc1.x
rubyonrails / rails 4.1.10-rc2 4.1.10-rc2.x
rubyonrails / rails 4.1.10-rc3 4.1.10-rc3.x
rubyonrails / rails 4.1.10-rc4 4.1.10-rc4.x
rubyonrails / rails 4.1.12-rc1 4.1.12-rc1.x
rubyonrails / rails 4.1.13-rc1 4.1.13-rc1.x
rubyonrails / rails 4.1.14-rc1 4.1.14-rc1.x
rubyonrails / rails 4.1.14-rc2 4.1.14-rc2.x
rubyonrails / rails 4.2.0-beta1 4.2.0-beta1.x
rubyonrails / rails 4.2.0-beta2 4.2.0-beta2.x
rubyonrails / rails 4.2.0-beta3 4.2.0-beta3.x
rubyonrails / rails 4.2.0-beta4 4.2.0-beta4.x
rubyonrails / rails 4.2.0-rc1 4.2.0-rc1.x
rubyonrails / rails 4.2.0-rc2 4.2.0-rc2.x
rubyonrails / rails 4.2.0-rc3 4.2.0-rc3.x
rubyonrails / rails 4.2.1-rc1 4.2.1-rc1.x
rubyonrails / rails 4.2.1-rc2 4.2.1-rc2.x
rubyonrails / rails 4.2.1-rc3 4.2.1-rc3.x
rubyonrails / rails 4.2.1 4.2.1.x
rubyonrails / rails 4.2.1-rc4 4.2.1-rc4.x
rubyonrails / rails 4.2.3-rc1 4.2.3-rc1.x
rubyonrails / rails 4.2.3 4.2.3.x
rubyonrails / rails 4.2.4 4.2.4.x
rubyonrails / rails 4.2.4-rc1 4.2.4-rc1.x
rubyonrails / rails 4.2.5-rc1 4.2.5-rc1.x
rubyonrails / rails 4.2.5-rc2 4.2.5-rc2.x
rubyonrails / rails 4.2.5 4.2.5.x
rubyonrails / rails 4.0.7 4.0.7.x
rubyonrails / rails 4.0.8 4.0.8.x
rubyonrails / rails 4.0.9 4.0.9.x
rubyonrails / rails 4.1.1 4.1.1.x
rubyonrails / rails 4.1.3 4.1.3.x
rubyonrails / rails 4.1.4 4.1.4.x
rubyonrails / rails 4.1.5 4.1.5.x
rubyonrails / rails 4.1.7 4.1.7.x
rubyonrails / rails 4.1.7.1 4.1.7.1.x
rubyonrails / rails 4.1.8 4.1.8.x
rubyonrails / rails 4.2.2 4.2.2.x
rubyonrails / rails 4.2.5.1 4.2.5.1.x
rubyonrails / rails 4.0.0-beta 4.0.0-beta.x
rubyonrails / rails 4.0.0-rc1 4.0.0-rc1.x
rubyonrails / rails 4.0.0-rc2 4.0.0-rc2.x
rubyonrails / rails 4.0.1-rc1 4.0.1-rc1.x
rubyonrails / rails 4.0.1-rc2 4.0.1-rc2.x
rubyonrails / rails 4.0.1-rc3 4.0.1-rc3.x
rubyonrails / rails 4.0.1-rc4 4.0.1-rc4.x
rubyonrails / rails 4.0.4-rc1 4.0.4-rc1.x
rubyonrails / rails 4.0.4 4.0.4.x
rubyonrails / rails 4.0.6-rc1 4.0.6-rc1.x
rubyonrails / rails 4.0.6 4.0.6.x
rubyonrails / rails 4.0.6-rc2 4.0.6-rc2.x
rubyonrails / rails 4.0.3 4.0.3.x
rubyonrails / rails 4.0.5 4.0.5.x
rubyonrails / rails 4.0.10-rc1 4.0.10-rc1.x
rubyonrails / rails 4.1.0 4.1.0.x
actionpack 3.0.0 3.2.22.2
actionpack 4.0.0 4.1.14.2
actionpack 4.2.0 4.2.5.2