Ruby

Ruby SSTI vulnerabilities including ERB injection and Ruby on Rails render method RCE exploitations.

📄️ CVE-2016-2098: Ruby on Rails render Method RCE

CVE-2016-2098 is a remote code execution vulnerability in Ruby on Rails applications that call render on user-controlled input. The vulnerability arises because the render method supports multiple rendering modes, including inline Ruby templates, which can be abused if input is not strictly validated.