General Information

Ruby Code Injection

Variants:
Direct Persistent Session 

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
Ruby

Target Type:
Application

Affected Mechanisms:
Input Validation, Syntax Escaping

Invented In:
12/03/2009

Added In:
08/12/2014


Vector Operation Method:
Malicious inputs can affect the structure of server-side Ruby code which is generated dynamically


Direct Variant:

Ruby Injection

Variant Title:
Ruby Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More:


Persistent Variant:

Stored Ruby Injection

Also Known As:
Persistent Ruby Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More:


Session Variant:

Ruby Injection via Session Puzzling

Also Known As:
Session Ruby Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More: