Potential remote code execution of user-provided local names in ActionView
There was a vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call. Versions Affected: rails 5.0.1 Not affected: Applications that do not allow users to control the names of locals. Fixed Versions: 4.2.11.2 Impact ------ ...