CVE-2020-8163

Summary

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the locals argument of a render call to perform a RCE.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rails/railsFixed in 4.2.11.2affected

Weaknesses

  • CWE-94: Code Injection (CWE-94)

ADP Enrichment

CVE Program Container

Additional References

References