EUVD-2017-0314

Malware in sbrugna...

Directory Traversal And Information Disclosure

actionview gem is vulnerable to directory traversal and information disclosure. This vulnerability affects applications which pass user input directly into the 'render' method in an action view controller without verification. Using this vulnerability, attackers can render files from outside the...

Exploit for Improper Input Validation in Debian Debian_Linux

CVE-2016-2098 Action Pack in Ruby on Rails before 3.2.22.2, 4...

GHSA-78RC-8C29-P45G actionpack allows remote code execution via application's unrestricted use of render method

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

GHSA-XRR4-P6FQ-HJG7 Directory traversal vulnerability in Action View in Ruby on Rails

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

actionview contains Path Traversal vulnerability

There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all possible scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x,...

actionpack allows remote code execution via application's unrestricted use of render method

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

Directory traversal vulnerability in Action View in Ruby on Rails

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

Directory traversal vulnerability in Action View in Ruby on Rails

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

Cross-site Scripting (XSS)

github.com/koding/koding is vulnerable to cross-site scripting XSS attacks. The attacks exist since it does not escape MessageSummary string in the Render method...

CVE-2016-2098

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

DEBIAN-CVE-2016-2097

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. dot dot in a pathname. NOTE: this vulnerability exists...

Directory traversal

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. dot dot in a pathname. NOTE: this vulnerability exists...

CVE-2016-2097

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. dot dot in a pathname. NOTE: this vulnerability exists...

CVE-2016-2098

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

Possible Information Leak Vulnerability

Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: def index; render params:id; end Carefully crafted requests can cause the above code to render files from unexpect...

rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix

A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code...

rubygem-actionpack: code injection vulnerability in Action View

A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code...

rubygem-actionpack: directory traversal flaw in Action View

A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code...

rubygem-actionpack: code injection vulnerability in Action View

A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code...