CVE-2016-2098
critical-risk
Published 2016-04-07
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Do I need to act?
!
87.4% chance of exploitation in next 30 days
EPSS score — higher than 13% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.3/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (24)
and 4 more references
81
/ 100
critical-risk
Severity
26/34 · High
Exploitability
27/34 · High
Exposure
28/34 · Critical