High severity vulnerability that affects actionpack

Withdrawn, accidental duplicate publish.

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Published: Aug 13, 2018
Updated: Apr 14, 2023
GHSA: GHSA-hx46-vwmx-wx95
Severity: High
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
actionpack	3.2.0	3.2.22.2
actionpack	4.0.0	4.1.14.2
actionpack	4.2.0	4.2.5.2

No references available.

Vulnerability Database

289,697

High severity vulnerability that affects actionpack