Description
A vulnerability exists in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call to achieve remote code execution. This vulnerability has been assigned the CVE identifier CVE-2020-8163.
Remediation
Users of Rails 5.0 should upgrade to a version >= 5.0.1. This release is already
available on RubyGems.
Workaround: Until such time as the patch can be applied, application developers should
ensure that all user-provided local names are alphanumeric.
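
One way to enforce this workaround, as an added example that is not code from the advisory or from Rails: the hypothetical LocalNames module below checks every local name before the hash is handed to render. It assumes "alphanumeric" means ASCII letters and digits only.

```ruby
# Added example: enforce the advisory's workaround before calling render.
# LocalNames and its methods are hypothetical names, not part of Rails.
module LocalNames
  class UnsafeLocalName < ArgumentError; end

  # \A and \z anchor the whole string. ^ and $ match per line in Ruby,
  # so a name containing a newline could slip past a ^...$ check.
  # Assumption: "alphanumeric" means ASCII letters and digits.
  ALPHANUMERIC = /\A[A-Za-z0-9]+\z/

  # True only for a String or Symbol made entirely of letters and digits.
  def self.safe?(name)
    return false unless name.is_a?(String) || name.is_a?(Symbol)
    ALPHANUMERIC.match?(name.to_s)
  end

  # Returns a new hash with symbol keys, or raises on the first bad name.
  # Rejecting the whole request is deliberate: silently dropping a bad
  # name would hide the attempt from logs and error monitoring.
  def self.validate!(locals)
    locals.each_with_object({}) do |(name, value), checked|
      raise UnsafeLocalName, "rejected local name: #{name.inspect}" unless safe?(name)
      checked[name.to_sym] = value
    end
  end
end

# Constructed sample input standing in for user-supplied parameters.
if __FILE__ == $PROGRAM_NAME
  p LocalNames.validate!("title" => "Hello", "page2" => 3)
  begin
    LocalNames.validate!("title\nextra" => "x")
  rescue LocalNames::UnsafeLocalName => e
    puts e.message
  end
end
```

In a controller the result of LocalNames.validate! would be passed as the locals: option, so a rejected name never reaches template compilation.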