multi_xml Gem for Ruby XML Parameter Parsing Remote Command Execution
The multi_xml Gem for Ruby contains a flaw that is triggered when an error occurs during the parsing of XML parameters. With a crafted request containing arbitrary symbol and yaml types, a remote attacker can execute arbitrary commands.