CVE-2020-8163

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
References
Link Resource
https://hackerone.com/reports/304805 Permissions Required Third Party Advisory
https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0 Mailing List Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html Mailing List Third Party Advisory
http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2020-07-02 12:15

Updated : 2022-05-24 09:06


NVD link : CVE-2020-8163

Mitre link : CVE-2020-8163


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

rubyonrails

  • rails