Red Hat Security Advisory 2016-0296-01

Red Hat Security Advisory 2016-0296-01 – The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issue was corrected in rubygem-actionpack and rubygem-actionview: A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the ‘render’ method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code.

Leave a Reply