Arbitrary Code Injection Affecting activeresource package, versions <2.2.0
Snyk CVSS
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-ACTIVERESOURCE-20004
- published 14 Aug 2008
- disclosed 14 Aug 2008
- credit Unknown
Overview
activeresource
enables you to wrap your RESTful web app with Ruby classes and work with them like Active Record models.
Affected versions of this Gem are vulnerable to Improper Control of Generation of Code (Code Injection) Attacks.