Published almost 14 years ago
Category: Code Injection
Source: NIST NVD
Severity: Critical

Vulnerability in rails

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with “severe” or “serious” impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
Network Low None Partial Partial Partial
Patched Versions


Unaffected Versions