Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-2098
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ruby on Rails Action Pack 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ruby on Rails(Rails)是Rails核心团队开发维护的一套基于Ruby语言的开源Web应用框架,它是由大卫-海纳梅尔-韩森从美国37signals公司的项目管理工具Basecamp里分离出来的。Action Pack是其中的一个用于构建和测试MVC Web应用程序的组件。 Ruby on Rails的Action Pack中存在安全漏洞,该漏洞源于‘render’函数没有充分过滤用户提交的输入。远程攻击者可通过向应用程序发送特制的数据利用该漏洞执行任意Ruby代码。以下版本受到影响:Rub
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2016-2098
#POC DescriptionSource LinkShenlong Link
1Proof of concept showing how CVE-2016-2098 leads to remote code executionhttps://github.com/hderms/dh-CVE_2016_2098POC Details
2A PoC of CVE-2016-2098 (rails4.2.5.1 / view render)https://github.com/CyberDefenseInstitute/PoC_CVE-2016-2098_Rails42POC Details
3Proof of concept CVE-2016-2098https://github.com/Alejandro-MartinG/rails-PoC-CVE-2016-2098POC Details
4Ruby On Rails unrestricted render() exploithttps://github.com/0x00-0x00/CVE-2016-2098POC Details
5CVE-2016-2098 simple POC written in bashhttps://github.com/its-arun/CVE-2016-2098POC Details
6Nonehttps://github.com/3rg1s/CVE-2016-2098POC Details
7This exploit is remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied datahttps://github.com/DanielHemmati/CVE-2016-2098-my-first-exploitPOC Details
8CVE-2016-2098 - POC of RCE Ruby on Rails: Improper Input Validation (CVE-2016-2098) in bash. Remote attackers can execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.https://github.com/Debalinax64/CVE-2016-2098POC Details
9Remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data.https://github.com/j4k0m/CVE-2016-2098POC Details
10CVE-2016-2098 POChttps://github.com/Shakun8/CVE-2016-2098POC Details
11Script that exploits the vulnerability that allows remote code execution in Ruby 2.3.8 ​​with CVE-2016-2098https://github.com/JoseLRC97/Ruby-on-Rails-ActionPack-Inline-ERB-Remote-Code-ExecutionPOC Details
12A PoC of CVE-2016-2098 I made for PentesterLab https://github.com/sealldeveloper/CVE-2016-2098-PoCPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2016-2098
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2016-2098

No comments yet

Leave a comment