OVAL

DSA-3509-1 rails -- rails

ID: oval:org.secpod.oval:def:602424
Date: (C) 2016-03-15   (M) 2022-09-23
Class: PATCH
Family: unix

Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails.

CVE-2016-2097: Crafted requests to Action View, one of the components of Action Pack, might result in rendering files from arbitrary locations, including files beyond the application's view directory. This vulnerability is the result of an incomplete fix of CVE-2016-0752. This bug was found by Jyoti Singh and Tobias Kraze from Makandra.

CVE-2016-2098: If a web application does not properly sanitize user inputs, an attacker might control the arguments of the render method in a controller or a view, resulting in the possibility of executing arbitrary Ruby code. This bug was found by Tobias Kraze from Makandra and joernchen of Phenoelit.

Platform:
Debian 8.x
Product:
rails
Reference:
DSA-3509-1
CVE-2016-2097
CVE-2016-2098
CVE-2016-0752
CVE (3):
CVE-2016-2098
CVE-2016-2097
CVE-2016-0752
CPE (2):
cpe:/o:debian:debian_linux:8.x
cpe:/a:ruby:rails

© SecPod Technologies