CVE-2020-8159

Published: May 12, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.

Vendor	Product	Versions
n/a	https://github.com/rails/actionpack-page_caching	affected `v1.2.1`

Weaknesses (CWE)

CWE-22

References

https://groups.google.com/forum/#%21topic/rubyonrails-security/CFRVkEytdP8

x_refsource_MISC

[debian-lts-announce] 20210723 [SECURITY] [DLA 2719-1] ruby-actionpack-page-caching security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-8159

Description

Affected Products

Weaknesses (CWE)

References