Overview
Ruby on Rails fails to properly validate input. This may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
Ruby on Rails is a web application programming framework. Ruby on Rails 1.1.4 and earlier contain a vulnerability in the processing of user input. Rails 1.0 and earlier are not affected. |
Impact
A remote attacker may be able to execute arbitrary code on a vulnerable system. |
Solution
Upgrade or patch This vulnerability has been addressed in Ruby on Rails 1.1.6. |
Vendor Information
699540
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was publicly reported by David August.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2006-4112 |
| Severity Metric: | 16.45 |
| Date Public: | 2006-08-09 |
| Date First Published: | 2006-08-11 |
| Date Last Updated: | 2006-09-08 21:51 UTC |
| Document Revision: | 10 |