Actionpack is vulnerable to information disclosure and remote code execution. This vulnerability affects applications which pass user input directly into the render method in an action view controller without verification. Using this vulnerability, attackers can render files from outside the view directory and potentially perform remote code execution.