Red Hat Security Advisory 2016-0296-01 - The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issue was corrected in rubygem-actionpack and rubygem-actionview: A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code.
33f627a2cd93446b36a77bf2e2d80c8c0986036c808f4d516649262a418ec657
Debian Linux Security Advisory 3464-1 - Multiple security issues have been discovered in the Rails on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation.
e13807b562e8b0f17aa51b9dfe99a77935fc313efee81f28e8f58af0a981b1c3