Improper Control of Generation of Code ('Code Injection')

🗓️ 02 Jul 2020 00:00:00Reported by https://gitlab.com/gitlab-org/security-products/gemnasium-dbType

gitlab

gitlab🔗 gitlab.com👁 33 Views

Improper Control of Code Generation allows Remote Code Executio

Reporter	Title	Published	Views	Family All 45
0day.today	Rails 5.0.1 - Remote Code Execution Exploit	27 Jul 202000:00	–	zdt
GithubExploit	Exploit for Code Injection in Rubyonrails Rails	19 Jun 202021:03	–	githubexploit
GithubExploit	Exploit for Code Injection in Rubyonrails Rails	18 Jul 202018:42	–	githubexploit
GithubExploit	Exploit for Code Injection in Rubyonrails Rails	19 Jun 202021:03	–	githubexploit
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Rails	18 Jul 202006:08	–	ibm
BDU FSTEC	The vulnerability of the module component in the module/delegation.rb of the Ruby on Rails software platform allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.	15 Mar 202100:00	–	bdu_fstec
FreeBSD	Rails -- remote code execution vulnerability	15 May 202000:00	–	freebsd
Circl	CVE-2020-8163	24 Jun 202008:55	–	circl
CNVD	Ruby on Rails Remote Code Execution Vulnerability (CNVD-2020-34451)	19 May 202000:00	–	cnvd
Check Point Advisories	Rails Remote Code Execution (CVE-2020-8163)	6 Nov 202200:00	–	checkpoint_advisories

Vulners

Node

gem actionviewRange<5.0.1

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-8163
hackerone	www.hackerone.com/reports/304805
groups	www.groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0
lists	www.lists.debian.org/debian-lts-announce/2020/07/msg00013.html
packetstormsecurity	www.packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html

02 Jul 2020 00:00Current

5Medium risk

Vulners AI Score5

CVSS 26.5

CVSS 3.18.8

EPSS0.83085

code injection rails rce vulnerability