CVE-2016-2098
EUVD-2017-018507.04.2016, 23:59
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| rubyonrails | rails | 4.0.0 |
| rubyonrails | rails | 4.0.0:beta |
| rubyonrails | rails | 4.0.0:rc1 |
| rubyonrails | rails | 4.0.0:rc2 |
| rubyonrails | rails | 4.0.1 |
| rubyonrails | rails | 4.0.1:rc1 |
| rubyonrails | rails | 4.0.1:rc2 |
| rubyonrails | rails | 4.0.1:rc3 |
| rubyonrails | rails | 4.0.1:rc4 |
| rubyonrails | rails | 4.0.2 |
| rubyonrails | rails | 4.0.3 |
| rubyonrails | rails | 4.0.4 |
| rubyonrails | rails | 4.0.4:rc1 |
| rubyonrails | rails | 4.0.5 |
| rubyonrails | rails | 4.0.6 |
| rubyonrails | rails | 4.0.6:rc1 |
| rubyonrails | rails | 4.0.6:rc2 |
| rubyonrails | rails | 4.0.6:rc3 |
| rubyonrails | rails | 4.0.7 |
| rubyonrails | rails | 4.0.8 |
| rubyonrails | rails | 4.0.9 |
| rubyonrails | rails | 4.0.10:rc1 |
| rubyonrails | rails | 4.1.0 |
| rubyonrails | rails | 4.1.0:beta1 |
| rubyonrails | rails | 4.1.0:beta2 |
| rubyonrails | rails | 4.1.0:rc1 |
| rubyonrails | rails | 4.1.0:rc2 |
| rubyonrails | rails | 4.1.1 |
| rubyonrails | rails | 4.1.2 |
| rubyonrails | rails | 4.1.2:rc1 |
| rubyonrails | rails | 4.1.2:rc2 |
| rubyonrails | rails | 4.1.2:rc3 |
| rubyonrails | rails | 4.1.3 |
| rubyonrails | rails | 4.1.4 |
| rubyonrails | rails | 4.1.5 |
| rubyonrails | rails | 4.1.6:rc1 |
| rubyonrails | rails | 4.1.6:rc2 |
| rubyonrails | rails | 4.1.7 |
| rubyonrails | rails | 4.1.7.1 |
| rubyonrails | rails | 4.1.8 |
| rubyonrails | rails | 4.1.9:rc1 |
| rubyonrails | rails | 4.1.10:rc1 |
| rubyonrails | rails | 4.1.10:rc2 |
| rubyonrails | rails | 4.1.10:rc3 |
| rubyonrails | rails | 4.1.10:rc4 |
| rubyonrails | rails | 4.1.12:rc1 |
| rubyonrails | rails | 4.1.13:rc1 |
| rubyonrails | rails | 4.1.14:rc1 |
| rubyonrails | rails | 4.1.14:rc2 |
| rubyonrails | rails | 4.2.0:beta1 |
| rubyonrails | rails | 4.2.0:beta2 |
| rubyonrails | rails | 4.2.0:beta3 |
| rubyonrails | rails | 4.2.0:beta4 |
| rubyonrails | rails | 4.2.0:rc1 |
| rubyonrails | rails | 4.2.0:rc2 |
| rubyonrails | rails | 4.2.0:rc3 |
| rubyonrails | rails | 4.2.1 |
| rubyonrails | rails | 4.2.1:rc1 |
| rubyonrails | rails | 4.2.1:rc2 |
| rubyonrails | rails | 4.2.1:rc3 |
| rubyonrails | rails | 4.2.1:rc4 |
| rubyonrails | rails | 4.2.2 |
| rubyonrails | rails | 4.2.3 |
| rubyonrails | rails | 4.2.3:rc1 |
| rubyonrails | rails | 4.2.4 |
| rubyonrails | rails | 4.2.4:rc1 |
| rubyonrails | rails | 4.2.5 |
| rubyonrails | rails | 4.2.5:rc1 |
| rubyonrails | rails | 4.2.5:rc2 |
| rubyonrails | rails | 4.2.5.1 |
| rubyonrails | ruby_on_rails | 𝑥 ≤ 3.2.22.1 |
| rubyonrails | ruby_on_rails | 4.1.14.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| rails |
| ||||||||||||||||||||
| rails-4.0 |
| ||||||||||||||||||||
| ruby-actionpack-2.3 |
| ||||||||||||||||||||
| ruby-actionpack-3.2 |
| ||||||||||||||||||||
| ruby-activemodel-3.2 |
| ||||||||||||||||||||
| ruby-activerecord-2.3 |
| ||||||||||||||||||||
| ruby-activerecord-3.2 |
| ||||||||||||||||||||
| ruby-activesupport-2.3 |
| ||||||||||||||||||||
| ruby-activesupport-3.2 |
| ||||||||||||||||||||
| ruby-rails-2.3 |
| ||||||||||||||||||||
| ruby-rails-3.2 |
|
Common Weakness Enumeration
References