There is a code injection vulnerability in versions of Rails prior to 4.2.11.3 and 5.x prior to 5.0.1 that would allow an attacker who controlled the βlocalsβ argument of a βrenderβ call to perform a Remote Code Execution.
No source data
Vendor | Product | Version |
---|---|---|
a | rubyonrails | rails |