CVE-2020-8159
Summary
| CVE | CVE-2020-8159 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-05-12 13:15:00 UTC |
| Updated | 2023-11-07 03:26:00 UTC |
| Description | There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Rubyonrails | Actionpack Page-caching | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Google Groups | | groups.google.com | |
| [SECURITY] [DLA 2719-1] ruby-actionpack-page-caching security update | MLIST | lists.debian.org | |
| Google Groups | MISC | groups.google.com | Exploit, Mailing List, Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178722 Debian Security Update for ruby-actionpack-page-caching (DLA 2719-1)