Description

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

Remediation

References

CVE-2020-8163

Related Vulnerabilities

WordPress Plugin Data Tables Generator by Supsystic Cross-Site Scripting (1.10.19)

WordPress Plugin EWWW Image Optimizer Cloud Cross-Site Scripting (2.0.1)

MediaWiki Other Vulnerability (CVE-2005-1888)

MySQL CVE-2018-2782 Vulnerability (CVE-2018-2782)

WordPress Plugin Transposh WordPress Translation Cross-Site Scripting (0.8.3)

Severity

High

Classification

CVE-2020-8163 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities