NuytsTech Security

CVE-2020-8163

by ·

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

Date published : 2020-07-02

http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html

https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0

Tags: