Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2020-8163
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the locals argument of a render call to perform a RCE.
| Software | From | Fixed in |
|---|---|---|
| rubyonrails / rails | - | 5.0.1 |
| debian / debian_linux | 9.0 | 9.0.x |
actionview
|
- | 4.2.11.3 |
- http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml
- https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
- https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0
- https://hackerone.com/reports/304805
- https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html