Remote Code Execution (RCE) And Information Disclosure

Actionpack is vulnerable to information disclosure and remote code execution. This vulnerability affects applications which pass user input directly into the render method in an action view controller without verification. Using this vulnerability, attackers can render files from outside the view...