Description
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform remote code execution (RCE).
Remediation
References
Related Vulnerabilities
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17305)
Oracle Database Server CVE-2009-1966 Vulnerability (CVE-2009-1966)
WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.8.3.4)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5539)
WordPress Plugin Backup and Restore WordPress-WPBackItUp Arbitrary File Deletion (1.15.3)