Ruby on Rails Dynamic Render File Upload Remote Code Execution Vulnerability

Summary

    Ruby on Rails is an open source web application framework written in Ruby. This module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to use dynamic render paths. The vulnerable target also needs a POST endpoint for the TempFile upload; this can be any endpoint.

Solution

    1. Ruby on Rails project site: http://rubyonrails.org/

    2. For Sangfor NGAF customers, update the IPS to version 20161110 or above.
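
To find the dynamic render paths named in the Summary in your own code, the following added example (not part of the original advisory or of Rails) scans controller source for `render` calls whose target comes from `params`, directly or through a local variable. It is a line-based heuristic; the sample controller is constructed, and treating a lookup in a constant table as an allowlist is an assumption of this sketch.

```ruby
# Added example (not from the advisory): heuristic scan for dynamic render paths.
PARAM_SOURCE = /\bparams\b/
ALLOWLISTED  = /\A[A-Z][A-Z0-9_]*(\[|\.fetch\()/  # assumption: constant table lookup = allowlist
ASSIGNMENT   = /\A(@?[a-z_]\w*)\s*=(?![=~>])\s*(.+)\z/
RENDER_CALL  = /\brender\b[\s(]+(.+)\z/

# True when expr reads params directly or through a tainted variable.
def tainted_expr?(expr, tainted)
  return false if expr =~ ALLOWLISTED
  return true if expr =~ PARAM_SOURCE
  tainted.any? { |v| expr =~ /(?<![\w@])#{Regexp.escape(v)}\b/ }
end

# Returns [[line_number, code], ...] for render calls fed by request input.
def find_dynamic_renders(source)
  tainted = []
  findings = []
  source.each_line.with_index(1) do |raw, lineno|
    line = raw.chomp.sub(/(\A|\s)#(?!\{).*\z/, "").strip  # drop comments, keep #{}
    if line.start_with?("def ")
      tainted = []                                        # taint is tracked per method
    elsif (m = ASSIGNMENT.match(line))
      tainted_expr?(m[2], tainted) ? (tainted |= [m[1]]) : tainted.delete(m[1])
    elsif (m = RENDER_CALL.match(line)) && tainted_expr?(m[1], tainted)
      findings << [lineno, line]
    end
  end
  findings
end

# Constructed sample controller, for illustration only.
SAMPLE_CONTROLLER = <<~'RUBY'
  class PagesController < ApplicationController
    PAGES = { "about" => "pages/about", "help" => "pages/help" }.freeze
    def show
      render params[:template]                 # request input picks the path
    end
    def preview
      view = "pages/#{params[:name]}"
      render template: view                    # same issue via a local
    end
    def safe
      view = PAGES.fetch(params[:name], "pages/about")
      render template: view                    # fixed set of templates
    end
  end
RUBY

find_dynamic_renders(SAMPLE_CONTROLLER).each { |n, code| puts "line #{n}: #{code}" }
```

Flagged lines are candidates for review, not confirmed findings; the `safe` action shows the shape of a fix, where request input only selects among fixed template names.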