Ruby on Rails Dynamic Render File Upload Remote Code Execution Vulnerability
- Date Published: 2016-11-11
- Last Updated: 2016-11-11
- Version Affected: Ruby on Rails 4.0.8, Ruby on Rails 4.1.x, Ruby on Rails 4.2.x, Ruby on Rails 5.0.0
- CVE: CVE-2016-0752
Ruby on Rails is an open source web application framework written in Ruby. This module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to use dynamic render paths. The vulnerable target also needs a POST endpoint for the TempFile upload; this can be any endpoint.
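To find the precondition named above in your own code base, the following added example (not part of the original advisory or of Rails) is a heuristic check that flags `render` calls whose template or file path comes directly from request input. The controller, action names and regular expressions are assumptions made for illustration, and the sample source is constructed.

```ruby
# Added example: heuristic check for dynamic render paths in controller source.
# Only request input used directly inside the render call is detected.

# Request-controlled values (standard Rails accessors).
TAINTED = /\b(?:params|cookies|request\.(?:headers|params|query_parameters))\b/
# render options whose value is resolved as a template or file path.
PATH_KEYS = %w[file template partial action layout].freeze
RENDER_CALL = /\brender(?:_to_string)?[ (]\s*(.+)/

# True when a render argument list takes its path from request input.
def dynamic_render?(args)
  args.split(",").each_with_index.any? do |segment, index|
    key = segment[/\A\s*:?(\w+)\s*(?:=>|:(?!:))/, 1] # "file:" or ":file =>"
    path_like = key ? PATH_KEYS.include?(key) : index.zero?
    path_like && segment.match?(TAINTED)
  end
end

# Scans Ruby source text and returns [[line_number, code], ...] for each hit.
def find_dynamic_renders(source)
  source.each_line.with_index(1).filter_map do |line, number|
    code = line.sub(/\s+#\s.*\z/m, "").strip # drop trailing comments
    next if code.start_with?("#")
    args = code[RENDER_CALL, 1]
    [number, code] if args && dynamic_render?(args)
  end
end

# Constructed sample controller (hypothetical names, not from the advisory).
SAMPLE_CONTROLLER = <<~'RUBY'
  class ReportsController < ApplicationController
    def show
      render params[:template]                  # dynamic render path
    end
    def export
      render file: "exports/#{params[:name]}"   # dynamic render path
    end
    def search
      render json: { q: params[:q] }            # request data, not a path
    end
    def index
      render "reports/index"                    # fixed template
    end
  end
RUBY

find_dynamic_renders(SAMPLE_CONTROLLER).each do |number, code|
  puts "line #{number}: dynamic render path: #{code}"
end
```

Each flagged call should be changed to select the template from a fixed allowlist of names rather than passing request input through to `render`.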
1. Ruby on Rails company: http://rubyonrails.org/
2. For Sangfor NGAF customers, update the IPS to version 20161110 or above.