cvelistv5 - cve-2020-8163

CVE-2020-8163 (GCVE-0-2020-8163)

Vulnerability from cvelistv5

Published

2020-07-02 18:35

Modified

2024-08-04 09:48

Severity ?

CWE

CWE-94 - Code Injection ()

Summary

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

References

URL

	Vendor	Product	Version
	n/a	https://github.com/rails/rails	Version: Fixed in 4.2.11.2

CERTFR-2020-AVI-297

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Ruby on Rails. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Ruby on Rails	Ruby on Rails	Ruby on Rails versions antérieures à 4.2.11.3

References

Title

Publication Time

suse-su-2020:2140-1

Vulnerability from csaf_suse

Published

2020-08-06 09:05

Modified

2020-08-06 09:05

Summary

Security update for rubygem-actionview-4_2

Notes

Title of the patch

Security update for rubygem-actionview-4_2

Description of the patch

This update for rubygem-actionview-4_2 fixes the following issues: - Fixed a potential remote code execution of user-provided local names (bsc#1173144, CVE-2020-8163).

Patchnames

SUSE-2020-2140,SUSE-OpenStack-Cloud-6-LTSS-2020-2140,SUSE-OpenStack-Cloud-7-2020-2140,SUSE-OpenStack-Cloud-Crowbar-8-2020-2140,SUSE-OpenStack-Cloud-Crowbar-9-2020-2140

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for rubygem-actionview-4_2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for rubygem-actionview-4_2 fixes the following issues:\n\n- Fixed a potential remote code execution of user-provided local names (bsc#1173144, CVE-2020-8163).\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-2140,SUSE-OpenStack-Cloud-6-LTSS-2020-2140,SUSE-OpenStack-Cloud-7-2020-2140,SUSE-OpenStack-Cloud-Crowbar-8-2020-2140,SUSE-OpenStack-Cloud-Crowbar-9-2020-2140",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2140-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:2140-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202140-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:2140-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-August/007231.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173144",
        "url": "https://bugzilla.suse.com/1173144"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8163 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8163/"
      }
    ],
    "title": "Security update for rubygem-actionview-4_2",
    "tracking": {
      "current_release_date": "2020-08-06T09:05:11Z",
      "generator": {
        "date": "2020-08-06T09:05:11Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:2140-1",
      "initial_release_date": "2020-08-06T09:05:11Z",
      "revision_history": [
        {
          "date": "2020-08-06T09:05:11Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.aarch64",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.aarch64",
                  "product_id": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.aarch64",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.aarch64",
                  "product_id": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.aarch64",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.aarch64",
                  "product_id": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.aarch64",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.aarch64",
                  "product_id": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.i586",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.i586",
                  "product_id": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.i586",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.i586",
                  "product_id": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.i586",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.i586",
                  "product_id": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.i586",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.i586",
                  "product_id": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.ppc64le",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.ppc64le",
                  "product_id": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.ppc64le",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.ppc64le",
                  "product_id": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.ppc64le",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.ppc64le",
                  "product_id": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.ppc64le",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.ppc64le",
                  "product_id": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390",
                  "product_id": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.s390",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.s390",
                  "product_id": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390",
                  "product_id": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.s390",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.s390",
                  "product_id": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390x",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390x",
                  "product_id": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.s390x",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.s390x",
                  "product_id": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390x",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390x",
                  "product_id": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.s390x",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.s390x",
                  "product_id": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
                  "product_id": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.x86_64",
                "product": {
                  "name": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.x86_64",
                  "product_id": "ruby2.1-rubygem-actionview-doc-4_2-4.2.9-9.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
                  "product_id": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.x86_64",
                "product": {
                  "name": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.x86_64",
                  "product_id": "ruby2.1-rubygem-activesupport-doc-4_2-4.2.9-7.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 6-LTSS",
                "product": {
                  "name": "SUSE OpenStack Cloud 6-LTSS",
                  "product_id": "SUSE OpenStack Cloud 6-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-ltss:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 7",
                "product": {
                  "name": "SUSE OpenStack Cloud 7",
                  "product_id": "SUSE OpenStack Cloud 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 8",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 8",
                  "product_id": "SUSE OpenStack Cloud Crowbar 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 9",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 9",
                  "product_id": "SUSE OpenStack Cloud Crowbar 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64 as component of SUSE OpenStack Cloud 6-LTSS",
          "product_id": "SUSE OpenStack Cloud 6-LTSS:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64 as component of SUSE OpenStack Cloud 6-LTSS",
          "product_id": "SUSE OpenStack Cloud 6-LTSS:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.aarch64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.aarch64"
        },
        "product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.aarch64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390x as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390x"
        },
        "product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390x",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.aarch64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.aarch64"
        },
        "product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.aarch64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390x as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390x"
        },
        "product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390x",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8163",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8163"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 6-LTSS:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
          "SUSE OpenStack Cloud 6-LTSS:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
          "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.aarch64",
          "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390x",
          "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
          "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.aarch64",
          "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390x",
          "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8163",
          "url": "https://www.suse.com/security/cve/CVE-2020-8163"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173144 for CVE-2020-8163",
          "url": "https://bugzilla.suse.com/1173144"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 6-LTSS:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
            "SUSE OpenStack Cloud 6-LTSS:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.aarch64",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390x",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.aarch64",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390x",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 6-LTSS:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
            "SUSE OpenStack Cloud 6-LTSS:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.aarch64",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.s390x",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.aarch64",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.s390x",
            "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-06T09:05:11Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-8163"
    }
  ]
}

ghsa-cr3x-7m39-c6jq

Vulnerability from github

Published

2020-07-07 16:34

Modified

2023-07-05 20:22

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Remote code execution via user-provided local names in ActionView

Details

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call to perform a RCE.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.11.1"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionview"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.2.11.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8163"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-07-07T15:44:56Z",
    "nvd_published_at": "2020-07-02T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "The is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.",
  "id": "GHSA-cr3x-7m39-c6jq",
  "modified": "2023-07-05T20:22:39Z",
  "published": "2020-07-07T16:34:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/304805"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Remote code execution via user-provided local names in ActionView"
}

There was a vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call. Versions Affected: rails < 5.0.1 Not affected: Applications that do not allow users to control the names of locals. Fixed Versions: 4.2.11.2 Impact ------ In the scenario where an attacker might be able to control the name of a local passed into `render`, they can acheive remote code execution. Workarounds ----------- Until such time as the patch can be applied, application developers should ensure that all user-provided local names are alphanumeric.

Aliases

CVE-2020-8163

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8163",
    "description": "The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.",
    "id": "GSD-2020-8163",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-8163.html",
      "https://packetstormsecurity.com/files/cve/CVE-2020-8163"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "actionview",
            "purl": "pkg:gem/actionview"
          }
        }
      ],
      "aliases": [
        "CVE-2020-8163",
        "GHSA-cr3x-7m39-c6jq"
      ],
      "details": "There was a vulnerability in versions of Rails prior to 5.0.1 that would\nallow an attacker who controlled the `locals` argument of a `render` call.\n\nVersions Affected:  rails \u003c 5.0.1\nNot affected:       Applications that do not allow users to control the names of locals.\nFixed Versions:     4.2.11.2\n\nImpact\n------\n\nIn the scenario where an attacker might be able to control the name of a\nlocal passed into `render`, they can acheive remote code execution.\n\nWorkarounds\n-----------\n\nUntil such time as the patch can be applied, application developers should\nensure that all user-provided local names are alphanumeric.\n",
      "id": "GSD-2020-8163",
      "modified": "2020-05-15T00:00:00.000Z",
      "published": "2020-05-15T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 8.8,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Potential remote code execution of user-provided local names in ActionView"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2020-8163",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "https://github.com/rails/rails",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Fixed in 4.2.11.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Code Injection (CWE-94)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://hackerone.com/reports/304805",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/304805"
          },
          {
            "name": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0",
            "refsource": "MISC",
            "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0"
          },
          {
            "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2020-8163",
      "cvss_v3": 8.8,
      "date": "2020-05-15",
      "description": "There was a vulnerability in versions of Rails prior to 5.0.1 that would\nallow an attacker who controlled the `locals` argument of a `render` call.\n\nVersions Affected:  rails \u003c 5.0.1\nNot affected:       Applications that do not allow users to control the names of locals.\nFixed Versions:     4.2.11.2\n\nImpact\n------\n\nIn the scenario where an attacker might be able to control the name of a\nlocal passed into `render`, they can acheive remote code execution.\n\nWorkarounds\n-----------\n\nUntil such time as the patch can be applied, application developers should\nensure that all user-provided local names are alphanumeric.\n",
      "framework": "rails",
      "gem": "actionview",
      "ghsa": "cr3x-7m39-c6jq",
      "patched_versions": [
        "\u003e= 4.2.11.2"
      ],
      "title": "Potential remote code execution of user-provided local names in ActionView",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c5.0.1",
          "affected_versions": "All versions before 5.0.1",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2020-07-27",
          "description": "The is a code injection vulnerability in versions of Rails that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.",
          "fixed_versions": [
            "5.0.1"
          ],
          "identifier": "CVE-2020-8163",
          "identifiers": [
            "CVE-2020-8163"
          ],
          "not_impacted": "All versions starting from 5.0.1",
          "package_slug": "gem/actionview",
          "pubdate": "2020-07-02",
          "solution": "Upgrade to version 5.0.1 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-8163",
            "https://hackerone.com/reports/304805",
            "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0",
            "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html",
            "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html"
          ],
          "uuid": "e7b1faab-af9c-4887-91b6-f9bce85b8d52"
        },
        {
          "affected_range": "\u003c5.0.1",
          "affected_versions": "All versions before 5.0.1",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2020-07-27",
          "description": "There is a code injection vulnerability in versions of Rails that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.",
          "fixed_versions": [
            "5.0.1"
          ],
          "identifier": "CVE-2020-8163",
          "identifiers": [
            "CVE-2020-8163"
          ],
          "not_impacted": "All versions starting from 5.0.1",
          "package_slug": "gem/rails",
          "pubdate": "2020-07-02",
          "solution": "Upgrade to version 5.0.1 or above.",
          "title": "Code Injection",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-8163"
          ],
          "uuid": "41364cc8-22f6-4e1a-931b-1886194d132d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2020-8163"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/304805",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://hackerone.com/reports/304805"
            },
            {
              "name": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0"
            },
            {
              "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-05-24T16:06Z",
      "publishedDate": "2020-07-02T19:15Z"
    }
  }
}

cnvd-2020-34451

Vulnerability from cnvd

Title

Ruby on Rails远程代码执行漏洞（CNVD-2020-34451）

Description

Ruby on Rails是Rails团队的一套基于Ruby语言的开源Web应用框架。 Ruby on Rails 5.0.1之前版本中存在安全漏洞。远程攻击者可利用该漏洞执行代码。

Severity

高

Patch Name

Ruby on Rails远程代码执行漏洞（CNVD-2020-34451）的补丁

Patch Description

Ruby on Rails是Rails团队的一套基于Ruby语言的开源Web应用框架。 Ruby on Rails 5.0.1之前版本中存在安全漏洞。远程攻击者可利用该漏洞执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/rails/rails/commit/b395acf4673045c03fc7845b5103b801f0a5950d

Reference

https://www.auscert.org.au/bulletins/ESB-2020.1757/

Impacted products

Name
Rails Ruby on Rails <5.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8163",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163"
    }
  },
  "description": "Ruby on Rails\u662fRails\u56e2\u961f\u7684\u4e00\u5957\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\u3002\n\nRuby on Rails 5.0.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/rails/rails/commit/b395acf4673045c03fc7845b5103b801f0a5950d",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-34451",
  "openTime": "2020-06-23",
  "patchDescription": "Ruby on Rails\u662fRails\u56e2\u961f\u7684\u4e00\u5957\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\u3002\r\n\r\nRuby on Rails 5.0.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ruby on Rails\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2020-34451\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Rails Ruby on Rails \u003c5.0.1"
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2020.1757/",
  "serverity": "\u9ad8",
  "submitTime": "2020-05-19",
  "title": "Ruby on Rails\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2020-34451\uff09"
}

fkie_cve-2020-8163

Vulnerability from fkie_nvd

Published

2020-07-02 19:15

Modified

2024-11-21 05:38

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

References

URL	Tags
support@hackerone.com	http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
support@hackerone.com	https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0	Mailing List, Patch, Third Party Advisory
support@hackerone.com	https://hackerone.com/reports/304805	Permissions Required, Third Party Advisory
support@hackerone.com	https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://hackerone.com/reports/304805	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html	Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	rubyonrails	rails	*
	debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44DA337-EE0D-4D0D-91BC-DB1916079E67",
              "versionEndExcluding": "5.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE."
    },
    {
      "lang": "es",
      "value": "Se trata de una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en versiones de Rails anteriores a 5.0.1, que permitir\u00eda a un atacante que controlara el argumento \"locals\" de una llamada \"render\" para realizar un RCE"
    }
  ],
  "id": "CVE-2020-8163",
  "lastModified": "2024-11-21T05:38:24.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-02T19:15:12.433",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/304805"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/304805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-8163 (GCVE-0-2020-8163)

Vulnerability from cvelistv5

CERTFR-2020-AVI-297

Vulnerability from certfr_avis

Solution

suse-su-2020:2140-1

Vulnerability from csaf_suse

ghsa-cr3x-7m39-c6jq

Vulnerability from github

gsd-2020-8163

Vulnerability from gsd

cnvd-2020-34451

Vulnerability from cnvd

fkie_cve-2020-8163

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature