active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.9%.
Denial Of Service
RCE
Rails
Ruby On Rails
Debian Linux
NVD
Exploit-DB
CVSS 2.0
7.5
EPSS
91.9%
Threat
5.8