CVE-2016-0753

Related Files

Red Hat Security Advisory 2016-0296-01

Posted Feb 24, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0296-01 - The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issue was corrected in rubygem-actionpack and rubygem-actionview: A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code.

tags | advisory, remote, web, arbitrary, ruby

systems | linux, redhat

advisories | CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753

SHA-256 | 33f627a2cd93446b36a77bf2e2d80c8c0986036c808f4d516649262a418ec657

Download | Favorite | View

Debian Security Advisory 3464-1

Posted Feb 1, 2016

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3464-1 - Multiple security issues have been discovered in the Rails on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation.

tags | advisory, web, denial of service, xss, info disclosure

systems | linux, debian

advisories | CVE-2015-3226, CVE-2015-3227, CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753

SHA-256 | e13807b562e8b0f17aa51b9dfe99a77935fc313efee81f28e8f58af0a981b1c3

Download | Favorite | View