Rails Unsafe Reflection

Critical Web App Scanning Plugin ID 113009

Synopsis

Rails Unsafe Reflection

Description

Ruby On Rails is a popular framework used to build web applications based on the Model-View-Controller (MVC) architectural pattern.

Ruby On Rails provides a method called `constantize` which allows developers to dynamically look up a constant from a string. The most common use of this method is to instantiate a class or module from its name at runtime. An unsafe reflection vulnerability occurs when the application calls `constantize` on uncontrolled user input. By leveraging this issue, an attacker could instantiate arbitrary classes and attempt to achieve remote code execution on the target application.

Solution

The application should not call `constantize` on user-supplied strings. Instead, user input should be mapped to a fixed allowlist of only the class or module names that the application's logic actually requires, and any value outside that list should be rejected.
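The following is an added example, not code from Tenable or from Rails, contrasting the vulnerable lookup with an allowlist-based one. It is plain Ruby so it runs without Rails: `Object.const_get` stands in for ActiveSupport's `String#constantize`, and the report classes, the `REPORT_CLASSES` table and the `UnknownReportType` error are constructed for illustration (the assumed scenario is an app that picks a report class from a request parameter).

```ruby
# Added example: allowlisting a dynamic class lookup in a Rails-style app.
# Plain Ruby; Object.const_get is used here in place of ActiveSupport's
# String#constantize, which behaves the same way for this purpose.

# Constructed domain classes that the application legitimately exposes.
class PdfReport; def render; "pdf"; end; end
class CsvReport; def render; "csv"; end; end

# Vulnerable pattern: the user-supplied string is resolved directly, so any
# constant reachable from Object can be named, not just report classes.
def report_class_unsafe(name)
  Object.const_get(name) # same effect as name.constantize in Rails
end

# Hardened pattern: the request parameter selects from a fixed allowlist and
# the raw string never reaches constant lookup.
REPORT_CLASSES = {
  "pdf" => PdfReport,
  "csv" => CsvReport,
}.freeze

class UnknownReportType < ArgumentError; end

def report_class_safe(name)
  REPORT_CLASSES.fetch(name.to_s.downcase) do
    raise UnknownReportType, "unsupported report type: #{name.inspect}"
  end
end

# Helper for input validation before any lookup happens.
def safe_report_type?(name)
  REPORT_CLASSES.key?(name.to_s.downcase)
end

if __FILE__ == $0
  puts report_class_unsafe("Kernel")        # resolves to Kernel: nothing limits the lookup
  puts report_class_safe("pdf").new.render  # "pdf"
  begin
    report_class_safe("Kernel")
  rescue UnknownReportType => e
    puts "rejected: #{e.message}"
  end
end
```

The allowlist is a hash of user-facing keys to concrete classes rather than a list of class names fed back into `constantize`; that way a typo or a missing entry fails closed with an exception instead of falling through to an arbitrary constant.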

See Also

https://blog.convisoappsec.com/en/exploiting-unsafe-reflection-in-rubyrails-applications/

https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection

https://www.praetorian.com/blog/ruby-unsafe-reflection-vulnerabilities/

Plugin Details

Severity: Critical

ID: 113009

Type: remote

Published: 10/5/2021

Updated: 10/5/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*

Reference Information