CVE-2020-8163

High

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument…

hackerone·CWE-94·Published 2020-07-02

CVSS

8.8

EPSS

0.83

KEV

Exploits

cve.orgen

175 chars

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

NVDen

175 chars

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

OSV.deven

176 chars

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

GHSAen

176 chars

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

NVDes

206 chars

Se trata de una vulnerabilidad de inyección de código en versiones de Rails anteriores a 5.0.1, que permitiría a un atacante que controlara el argumento "locals" de una llamada "render" para realizar un RCE

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H