{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2006-4111", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with \"severe\" or \"serious\" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits", "refsource" : "CONFIRM", "url" : "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits" }, { "name" : "GLSA-200608-20", "refsource" : "GENTOO", "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml" }, { "name" : "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html", "refsource" : "MISC", "url" : "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html" }, { "name" : "SUSE-SR:2006:021", "refsource" : "SUSE", "url" : "http://www.novell.com/linux/security/advisories/2006_21_sr.html" }, { "name" : "19454", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/19454" }, { "name" : "ADV-2006-3237", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/3237" }, { "name" : "1016673", "refsource" : "SECTRACK", "url" : "http://securitytracker.com/id?1016673" }, { "name" : "21466", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21466" }, { "name" : "21749", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21749" } ] } }