7.5
CVE-2016-2098
- EPSS 86.07%
- Published 07.04.2016 23:59:06
- Last modified 12.04.2025 10:46:40
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Data is provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Rubyonrails ≫ Rails Version4.0.0 Update-
Rubyonrails ≫ Rails Version4.0.0 Updatebeta
Rubyonrails ≫ Rails Version4.0.0 Updaterc1
Rubyonrails ≫ Rails Version4.0.0 Updaterc2
Rubyonrails ≫ Rails Version4.0.1 Update-
Rubyonrails ≫ Rails Version4.0.1 Updaterc1
Rubyonrails ≫ Rails Version4.0.1 Updaterc2
Rubyonrails ≫ Rails Version4.0.1 Updaterc3
Rubyonrails ≫ Rails Version4.0.1 Updaterc4
Rubyonrails ≫ Rails Version4.0.2
Rubyonrails ≫ Rails Version4.0.3
Rubyonrails ≫ Rails Version4.0.4
Rubyonrails ≫ Rails Version4.0.4 Updaterc1
Rubyonrails ≫ Rails Version4.0.5
Rubyonrails ≫ Rails Version4.0.6
Rubyonrails ≫ Rails Version4.0.6 Updaterc1
Rubyonrails ≫ Rails Version4.0.6 Updaterc2
Rubyonrails ≫ Rails Version4.0.6 Updaterc3
Rubyonrails ≫ Rails Version4.0.7
Rubyonrails ≫ Rails Version4.0.8
Rubyonrails ≫ Rails Version4.0.9
Rubyonrails ≫ Rails Version4.0.10 Updaterc1
Rubyonrails ≫ Rails Version4.1.0 Update-
Rubyonrails ≫ Rails Version4.1.0 Updatebeta1
Rubyonrails ≫ Rails Version4.1.0 Updatebeta2
Rubyonrails ≫ Rails Version4.1.0 Updaterc1
Rubyonrails ≫ Rails Version4.1.0 Updaterc2
Rubyonrails ≫ Rails Version4.1.1
Rubyonrails ≫ Rails Version4.1.2
Rubyonrails ≫ Rails Version4.1.2 Updaterc1
Rubyonrails ≫ Rails Version4.1.2 Updaterc2
Rubyonrails ≫ Rails Version4.1.2 Updaterc3
Rubyonrails ≫ Rails Version4.1.3
Rubyonrails ≫ Rails Version4.1.4
Rubyonrails ≫ Rails Version4.1.5
Rubyonrails ≫ Rails Version4.1.6 Updaterc1
Rubyonrails ≫ Rails Version4.1.6 Updaterc2
Rubyonrails ≫ Rails Version4.1.7
Rubyonrails ≫ Rails Version4.1.7.1
Rubyonrails ≫ Rails Version4.1.8
Rubyonrails ≫ Rails Version4.1.9 Updaterc1
Rubyonrails ≫ Rails Version4.1.10 Updaterc1
Rubyonrails ≫ Rails Version4.1.10 Updaterc2
Rubyonrails ≫ Rails Version4.1.10 Updaterc3
Rubyonrails ≫ Rails Version4.1.10 Updaterc4
Rubyonrails ≫ Rails Version4.1.12 Updaterc1
Rubyonrails ≫ Rails Version4.1.13 Updaterc1
Rubyonrails ≫ Rails Version4.1.14 Updaterc1
Rubyonrails ≫ Rails Version4.1.14 Updaterc2
Rubyonrails ≫ Rails Version4.2.0 Updatebeta1
Rubyonrails ≫ Rails Version4.2.0 Updatebeta2
Rubyonrails ≫ Rails Version4.2.0 Updatebeta3
Rubyonrails ≫ Rails Version4.2.0 Updatebeta4
Rubyonrails ≫ Rails Version4.2.0 Updaterc1
Rubyonrails ≫ Rails Version4.2.0 Updaterc2
Rubyonrails ≫ Rails Version4.2.0 Updaterc3
Rubyonrails ≫ Rails Version4.2.1
Rubyonrails ≫ Rails Version4.2.1 Updaterc1
Rubyonrails ≫ Rails Version4.2.1 Updaterc2
Rubyonrails ≫ Rails Version4.2.1 Updaterc3
Rubyonrails ≫ Rails Version4.2.1 Updaterc4
Rubyonrails ≫ Rails Version4.2.2
Rubyonrails ≫ Rails Version4.2.3
Rubyonrails ≫ Rails Version4.2.3 Updaterc1
Rubyonrails ≫ Rails Version4.2.4
Rubyonrails ≫ Rails Version4.2.4 Updaterc1
Rubyonrails ≫ Rails Version4.2.5
Rubyonrails ≫ Rails Version4.2.5 Updaterc1
Rubyonrails ≫ Rails Version4.2.5 Updaterc2
Rubyonrails ≫ Rails Version4.2.5.1
Rubyonrails ≫ Ruby On Rails Version <= 3.2.22.1
Rubyonrails ≫ Ruby On Rails Version4.1.14.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 86.07% | 0.994 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 3.9 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.