CVE-2020-8159

There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
References
Link Resource
https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 Exploit Mailing List Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rubyonrails:actionpack_page-caching:*:*:*:*:*:ruby:*:*

History

No history.

Information

Published : 2020-05-12 13:15

Updated : 2021-07-23 19:15


NVD link : CVE-2020-8159

Mitre link : CVE-2020-8159


JSON object : View

Products Affected

rubyonrails

  • actionpack_page-caching
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')