Description

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

Remediation

References

CVE-2020-8163

Related Vulnerabilities

WordPress Plugin Redux Framework Multiple Vulnerabilities (4.2.11)

MediaWiki Other Vulnerability (CVE-2005-0536)

WordPress Plugin WordPress Mobile app Builder-Convert WordPress site to native mobile apps Arbitrary File Upload (1.05)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4588)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-1181)

Severity

High

Classification

CVE-2020-8163 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities