CVE-2016-2098
Ruby on Rails ActionPack Inline ERB - Code Execution
Severity Score
7.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
9
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Action Pack en Ruby on Rails en versiones anteriores a 3.2.22.2, 4.x en versiones anteriores a 4.1.14.2 y 4.2.x en versiones anteriores a 4.2.5.2 permite a atacantes remotos ejecutar código Ruby arbitrario aprovechando el uso no restringido del método render de una aplicación.
A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-01-29 CVE Reserved
- 2016-03-10 CVE Published
- 2017-01-25 First Exploit
- 2024-08-05 CVE Updated
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (22)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/83725 | Vdb Entry | |
| http://www.securitytracker.com/id/1035122 | Vdb Entry | |
| https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/40086 | 2024-08-05 | |
| https://github.com/0x00-0x00/CVE-2016-2098 | 2018-02-09 | |
| https://github.com/its-arun/CVE-2016-2098 | 2018-06-19 | |
| https://github.com/Shakun8/CVE-2016-2098 | 2022-09-25 | |
| https://github.com/j4k0m/CVE-2016-2098 | 2021-08-31 | |
| https://github.com/Debalinax64/CVE-2016-2098 | 2021-04-07 | |
| https://github.com/Alejandro-MartinG/rails-PoC-CVE-2016-2098 | 2017-01-25 | |
| https://github.com/3rg1s/CVE-2016-2098 | 2019-10-30 | |
| https://github.com/DanielHemmati/CVE-2016-2098-my-first-exploit | 2020-07-27 |
| URL | Date | SRC |
|---|---|---|
| http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released | 2019-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.0 Search vendor "Rubyonrails" for product "Rails" and version "4.0.0" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.0 Search vendor "Rubyonrails" for product "Rails" and version "4.0.0" | beta |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.0 Search vendor "Rubyonrails" for product "Rails" and version "4.0.0" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.0 Search vendor "Rubyonrails" for product "Rails" and version "4.0.0" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | rc3 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | rc4 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.2 Search vendor "Rubyonrails" for product "Rails" and version "4.0.2" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.3 Search vendor "Rubyonrails" for product "Rails" and version "4.0.3" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.4 Search vendor "Rubyonrails" for product "Rails" and version "4.0.4" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.4 Search vendor "Rubyonrails" for product "Rails" and version "4.0.4" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.5 Search vendor "Rubyonrails" for product "Rails" and version "4.0.5" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.6 Search vendor "Rubyonrails" for product "Rails" and version "4.0.6" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.6 Search vendor "Rubyonrails" for product "Rails" and version "4.0.6" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.6 Search vendor "Rubyonrails" for product "Rails" and version "4.0.6" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.6 Search vendor "Rubyonrails" for product "Rails" and version "4.0.6" | rc3 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.7 Search vendor "Rubyonrails" for product "Rails" and version "4.0.7" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.8 Search vendor "Rubyonrails" for product "Rails" and version "4.0.8" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.9 Search vendor "Rubyonrails" for product "Rails" and version "4.0.9" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.10 Search vendor "Rubyonrails" for product "Rails" and version "4.0.10" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.0 Search vendor "Rubyonrails" for product "Rails" and version "4.1.0" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.0 Search vendor "Rubyonrails" for product "Rails" and version "4.1.0" | beta1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.0 Search vendor "Rubyonrails" for product "Rails" and version "4.1.0" | beta2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.0 Search vendor "Rubyonrails" for product "Rails" and version "4.1.0" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.0 Search vendor "Rubyonrails" for product "Rails" and version "4.1.0" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.1 Search vendor "Rubyonrails" for product "Rails" and version "4.1.1" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.2 Search vendor "Rubyonrails" for product "Rails" and version "4.1.2" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.2 Search vendor "Rubyonrails" for product "Rails" and version "4.1.2" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.2 Search vendor "Rubyonrails" for product "Rails" and version "4.1.2" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.2 Search vendor "Rubyonrails" for product "Rails" and version "4.1.2" | rc3 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.3 Search vendor "Rubyonrails" for product "Rails" and version "4.1.3" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.4 Search vendor "Rubyonrails" for product "Rails" and version "4.1.4" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.5 Search vendor "Rubyonrails" for product "Rails" and version "4.1.5" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.6 Search vendor "Rubyonrails" for product "Rails" and version "4.1.6" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.6 Search vendor "Rubyonrails" for product "Rails" and version "4.1.6" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.7 Search vendor "Rubyonrails" for product "Rails" and version "4.1.7" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.7.1 Search vendor "Rubyonrails" for product "Rails" and version "4.1.7.1" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.8 Search vendor "Rubyonrails" for product "Rails" and version "4.1.8" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.9 Search vendor "Rubyonrails" for product "Rails" and version "4.1.9" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.10 Search vendor "Rubyonrails" for product "Rails" and version "4.1.10" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.10 Search vendor "Rubyonrails" for product "Rails" and version "4.1.10" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.10 Search vendor "Rubyonrails" for product "Rails" and version "4.1.10" | rc3 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.10 Search vendor "Rubyonrails" for product "Rails" and version "4.1.10" | rc4 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.12 Search vendor "Rubyonrails" for product "Rails" and version "4.1.12" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.13 Search vendor "Rubyonrails" for product "Rails" and version "4.1.13" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.14 Search vendor "Rubyonrails" for product "Rails" and version "4.1.14" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.14 Search vendor "Rubyonrails" for product "Rails" and version "4.1.14" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.0 Search vendor "Rubyonrails" for product "Rails" and version "4.2.0" | beta1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.0 Search vendor "Rubyonrails" for product "Rails" and version "4.2.0" | beta2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.0 Search vendor "Rubyonrails" for product "Rails" and version "4.2.0" | beta3 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.0 Search vendor "Rubyonrails" for product "Rails" and version "4.2.0" | beta4 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.0 Search vendor "Rubyonrails" for product "Rails" and version "4.2.0" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.0 Search vendor "Rubyonrails" for product "Rails" and version "4.2.0" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.0 Search vendor "Rubyonrails" for product "Rails" and version "4.2.0" | rc3 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.1 Search vendor "Rubyonrails" for product "Rails" and version "4.2.1" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.1 Search vendor "Rubyonrails" for product "Rails" and version "4.2.1" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.1 Search vendor "Rubyonrails" for product "Rails" and version "4.2.1" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.1 Search vendor "Rubyonrails" for product "Rails" and version "4.2.1" | rc3 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.1 Search vendor "Rubyonrails" for product "Rails" and version "4.2.1" | rc4 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.2 Search vendor "Rubyonrails" for product "Rails" and version "4.2.2" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.3 Search vendor "Rubyonrails" for product "Rails" and version "4.2.3" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.3 Search vendor "Rubyonrails" for product "Rails" and version "4.2.3" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.4 Search vendor "Rubyonrails" for product "Rails" and version "4.2.4" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.4 Search vendor "Rubyonrails" for product "Rails" and version "4.2.4" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.5 Search vendor "Rubyonrails" for product "Rails" and version "4.2.5" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.5 Search vendor "Rubyonrails" for product "Rails" and version "4.2.5" | rc1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.5 Search vendor "Rubyonrails" for product "Rails" and version "4.2.5" | rc2 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.2.5.1 Search vendor "Rubyonrails" for product "Rails" and version "4.2.5.1" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Ruby On Rails Search vendor "Rubyonrails" for product "Ruby On Rails" | <= 3.2.22.1 Search vendor "Rubyonrails" for product "Ruby On Rails" and version " <= 3.2.22.1" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Ruby On Rails Search vendor "Rubyonrails" for product "Ruby On Rails" | 4.1.14.1 Search vendor "Rubyonrails" for product "Ruby On Rails" and version "4.1.14.1" | - |
Affected
| ||||||