Lucene search

Remote code execution via user-provided local names in ActionView

🗓️ 07 Jul 2020 16:27:34Reported by GitHub Advisory DatabaseType

Remote code execution in Rails ActionVie

Reporter	Title	Published	Views	Family All 32
Packet Storm	Ruby On Rails 5.0.1 Remote Code Execution	27 Jul 202000:00	–	packetstorm
CVE	CVE-2020-8163	2 Jul 202019:15	–	cve
Check Point Advisories	Rails Remote Code Execution (CVE-2020-8163)	6 Nov 202200:00	–	checkpoint_advisories
Veracode	Remote Code Execution	18 May 202006:48	–	veracode
GitLab Advisory Database	Improper Control of Generation of Code ('Code Injection')	2 Jul 202000:00	–	gitlab
OSV	CVE-2020-8163	2 Jul 202019:15	–	osv
OSV	Remote code execution via user-provided local names in ActionView	7 Jul 202016:34	–	osv
OSV	BIT-rails-2020-8163	6 Mar 202411:04	–	osv
OSV	rails - security update	20 Jul 202000:00	–	osv
Saint	Ruby on Rails local names command execution	29 Jul 202000:00	–	saint

Vulners

Node

rubyonrails actionviewRange≤4.2.11.1

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-8163
hackerone	www.hackerone.com/reports/304805
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml
groups	www.groups.google.com/forum/
groups	www.groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0
lists	www.lists.debian.org/debian-lts-announce/2020/07/msg00013.html
packetstormsecurity	www.packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html
github	www.github.com/advisories/GHSA-cr3x-7m39-c6jq

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Jul 2020 16:34Current

8.6High risk

Vulners AI Score8.6

CVSS26.5

CVSS38.8

EPSS0.96328

CWE-94