CVSS3: 7.3 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | LOW |

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.943 High (Percentile: 99.0%)

Name | rails_actionpack_render |
---|---|
CVE | CVE-2016-2098 Exploit Pack |
VENDOR | http://rubyonrails.org |

Notes:
This vulnerability affects the ActionPack gem and allows remote attackers to execute arbitrary Ruby code due to unsafe use of the "render" method. Web applications that pass unverified user input to the "render" method in a controller or a view could be vulnerable to code injection.
The first issue is that the "render" method accepts a hash as its input parameter. The second issue is triggered when the method receives a hash with a key named after one of the render options, such as html, plain, inline, etc. The method treats it the same way as "render key: value". For example, passing { "plain" : "HELLO" } as a parameter is the same as calling "render plain: "HELLO"". Using { "inline" : "" } will give you code execution.
POST parameters do not appear to be exploitable for this vulnerability, because the post_params method checks all parameters against a whitelist.
Repeatability: Infinite
CVE URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2098
CVSS: 7.5
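
A defensive sketch of the issue described in the notes, added here as an example and not part of the exploit pack or of Rails itself: it coerces a request parameter to an allowlisted template name, reports render option names that arrive as hash keys, and flags source lines that pass params straight to render. The template names, helper names and sample controller source are hypothetical, and it assumes a nested query parameter reaches the controller as a hash-like object that responds to `keys`.

```ruby
# Added example, not the advisory's code. Plain Ruby, no Rails needed.
ALLOWED_TEMPLATES = %w[dashboard profile settings].freeze # hypothetical view names
# Option names the notes call out (html, plain, inline) plus other render options.
RENDER_OPTION_KEYS = %w[inline plain html text body file template].freeze

# Vulnerable shape in a controller:   render params[:template]
# Hardened shape:                     render template: safe_template(params[:template])
# Returns an allowlisted template name; anything that is not a known String
# (including a hash such as { "plain" => "HELLO" }) falls back to the default.
def safe_template(raw, default = "dashboard")
  raw.is_a?(String) && ALLOWED_TEMPLATES.include?(raw) ? raw : default
end

# Detection for request logging: which render option names arrived as keys
# of a parameter that should have been a scalar?
def smuggled_render_keys(raw)
  return [] unless raw.respond_to?(:keys)
  raw.keys.map(&:to_s) & RENDER_OPTION_KEYS
end

# Code review aid: line numbers where request params go straight into render.
UNSAFE_RENDER = /\brender\s*\(?\s*params\b/
def unsafe_render_lines(source)
  source.each_line.with_index(1).select { |line, _| line =~ UNSAFE_RENDER }.map(&:last)
end

# Constructed controller source, for illustration only.
SAMPLE_CONTROLLER = <<~RUBY
  def show
    render params[:template]
  end
  def preview
    render(params[:id])
  end
  def index
    render template: safe_template(params[:template])
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  p safe_template("profile")
  p safe_template({ "plain" => "HELLO" })
  p smuggled_render_keys({ "plain" => "HELLO" })
  p unsafe_render_lines(SAMPLE_CONTROLLER)
end
```

The regular expression only catches the direct `render params...` form; a parameter assigned to a local variable first still needs manual review.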