Arbitrary Code Execution Affecting actionpack package, versions <2.3.15 >=3.2.0, <3.2.11 >=3.1.0, <3.1.10 >=3.0.0, <3.0.19


0.0
high

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    Exploit Maturity Mature
    EPSS 97.31% (100th percentile)
Expand this section
NVD
7.3 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RUBY-ACTIONPACK-20047
  • published 18 Oct 2016
  • disclosed 7 Jan 2013
  • credit Unknown

How to fix?

Upgrade actionpack to versions 3.2.11, 3.1.10, 3.0.19, 2.3.15 or higher.

Overview

actionpack is a web app builder and tester on Rails.

Affected versions of this Gem are vulnerable to Arbitrary Remote Code Execution. The issue is triggered when a type casting error occurs during the parsing of parameters. This may allow a remote attacker to potentially execute arbitrary code.