CVE-2006-4111: Ruby on Rails vulnerable to code injection
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with “severe” or “serious” impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
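The advisory's actionable fact is the fixed release: Rails before 1.1.5 is affected. The following is an added example, not code from the advisory or from Rails, showing how a defender can check a resolved Rails version against that threshold; it assumes a Bundler-style Gemfile.lock as input, and the sample lockfile is constructed.

```ruby
require "rubygems"

# Fixed version from the advisory: Rails before 1.1.5 is affected.
FIXED_RAILS_VERSION = Gem::Version.new("1.1.5")

# True when the given Rails version string is below the fixed release.
def affected_by_cve_2006_4111?(version_string)
  Gem::Version.new(version_string) < FIXED_RAILS_VERSION
rescue ArgumentError
  # A malformed version string is treated as unknown, i.e. not proven safe.
  true
end

# Extracts the resolved "rails" version from Gemfile.lock text. Resolved specs
# are indented by four spaces, e.g. "    rails (1.1.4)"; deeper-indented lines
# are dependency constraints and are skipped. Returns nil when rails is absent.
def rails_version_from_lockfile(lock_text)
  lock_text.each_line do |line|
    if (m = line.match(/\A {4}rails \((\d+(?:\.\d+)*)\)\s*\z/))
      return m[1]
    end
  end
  nil
end

# nil when rails is not in the lockfile, otherwise true/false for "affected".
def lockfile_affected?(lock_text)
  version = rails_version_from_lockfile(lock_text)
  return nil if version.nil?
  affected_by_cve_2006_4111?(version)
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.0.0)
      rails (1.1.4)
        rack (>= 1.0.0)

  DEPENDENCIES
    rails
LOCK

if __FILE__ == $PROGRAM_NAME
  v = rails_version_from_lockfile(SAMPLE_LOCK)
  puts "rails #{v}: affected by CVE-2006-4111? #{lockfile_affected?(SAMPLE_LOCK)}"
end
```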
References
- github.com/advisories/GHSA-rvpq-5xqx-pfpp
- github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md
- github.com/rails/rails
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml
- nvd.nist.gov/vuln/detail/CVE-2006-4111
- web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
- web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673