
CVE ID: CVE-2016-2098
Description: Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Test IDs: 1.3.6.1.4.1.25623.1.0.807704, 1.3.6.1.4.1.25623.1.0.851240, 1.3.6.1.4.1.25623.1.0.809353, 1.3.6.1.4.1.25623.1.1.1.2.2016.604, 1.3.6.1.4.1.25623.1.0.807706, 1.3.6.1.4.1.25623.1.0.703509, 1.3.6.1.4.1.25623.1.0.809352
Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2016-2098
BugTraq ID: 83725
http://www.securityfocus.com/bid/83725
Debian Security Information: DSA-3509
http://www.debian.org/security/2016/dsa-3509
https://www.exploit-db.com/exploits/40086/
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ
http://www.securitytracker.com/id/1035122
SuSE Security Announcement: SUSE-SU-2016:0854
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
SuSE Security Announcement: SUSE-SU-2016:0867
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html
SuSE Security Announcement: SUSE-SU-2016:0967
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
SuSE Security Announcement: SUSE-SU-2016:1146
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
SuSE Security Announcement: openSUSE-SU-2016:0790
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html
SuSE Security Announcement: openSUSE-SU-2016:0835
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html



