- >= 188.8.131.52
There was a vulnerability in versions of Rails prior to 5.0.1 that would
allow an attacker who controlled the
locals argument of a
Versions Affected: rails < 5.0.1 Not affected: Applications that do not allow users to control the names of locals. Fixed Versions: 184.108.40.206
In the scenario where an attacker might be able to control the name of a
local passed into
render, they can acheive remote code execution.
Until such time as the patch can be applied, application developers should ensure that all user-provided local names are alphanumeric.