CVE-2020-8163
Published 2020-07-02
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform an RCE.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | rails | < rails 2:5.2.0+dfsg-2 (bookworm) | rails 2:5.2.0+dfsg-2 (bookworm) |
| https | github.com_rails_rails | — | — |
| rails | actionview | >= 0 < 4.2.11.3 | 4.2.11.3 |
| rubyonrails | rails | < 5.0.1 | 5.0.1 |
| rubyonrails | rails | >= 0 < 2:5.2.0+dfsg-2 | 2:5.2.0+dfsg-2 |
| rubyonrails | rails | >= 0 < 2:5.2.0+dfsg-2 | 2:5.2.0+dfsg-2 |
| rubyonrails | rails | >= 0 < 2:5.2.0+dfsg-2 | 2:5.2.0+dfsg-2 |
| rubyonrails | rails | >= 0 < 2:5.2.0+dfsg-2 | 2:5.2.0+dfsg-2 |
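CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |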