
actionpack allows remote code execution via application's unrestricted use of render method #12

@sniffler-app

Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Information

Manifest Path: Gemfile.lock

Please look at the Dependabot report: https://github.com/swipely/json_controller_generator/security/dependabot/64
