CVE-2016-2098: Improper Input Validation

April 7, 2016 (updated August 8, 2019)

The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application’s unrestricted use of the render method.

References

nvd.nist.gov/vuln/detail/CVE-2016-2098

Detect and mitigate CVE-2016-2098 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →