Remote Code Execution (RCE) And Information Disclosure

2016-01-2605:48:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Actionpack is vulnerable to information disclosure and remote code execution. This vulnerability affects applications which pass user input directly into the render method in an action view controller without verification. Using this vulnerability, attackers can render files from outside the view directory and potentially perform remote code execution.

CPENameOperatorVersion
actionpackeq5.0.0.beta1
actionpackle4.2.5
actionpackle4.1.14
rh-ror41-rubygem-activesupporteq4.1.5__1.el6
rh-ror41-rubygem-actionpackeq4.1.5__2.el6
rh-ror41-rubygem-activemodeleq4.1.5__1.el6
rh-ror41-rubygem-activerecordeq4.1.5__1.el6
rh-ror41-rubygem-actionvieweq4.1.5__3.el6
ror40-rubygem-actionpackeq4.0.2__4.el6
ror40-rubygem-activerecordeq4.0.2__2.3.el6

Name	Operator	Version
actionpack	eq	5.0.0.beta1
actionpack	le	4.2.5
actionpack	le	4.1.14
rh-ror41-rubygem-activesupport	eq	4.1.5__1.el6
rh-ror41-rubygem-actionpack	eq	4.1.5__2.el6
rh-ror41-rubygem-activemodel	eq	4.1.5__1.el6
rh-ror41-rubygem-activerecord	eq	4.1.5__1.el6
rh-ror41-rubygem-actionview	eq	4.1.5__3.el6
ror40-rubygem-actionpack	eq	4.0.2__4.el6
ror40-rubygem-activerecord	eq	4.0.2__2.3.el6