Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2020-8163

Published: 02/07/2020 Updated: 24/05/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Rubyonrails

Vulnerability Summary

The is a code injection vulnerability in versions of Rails before 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

rubyonrails rails

debian debian linux 9.0

Exploits

Exploit DB: Ruby On Rails 5.0.1 Remote Code Execution
Ruby On Rails version 501 remote code execution exploit ...

Github Repositories

https://github.com/TK-Elliot/CVE-2020-8163

This is a exploit code for CVE-2020-8163

CVE-2020-8163 This is a exploit code for CVE-2020-8163 It's for educational purposes only

https://github.com/sh286/CVE-2020-8163

CVE-2020-8163 - Remote code execution of user-provided local names in Rails

CVE-2020-8163 CVE-2020-8163 - Remote code execution of user-provided local names in Rails Remote code execution of user-provided local names in Rails < 501 There was a vulnerability in versions of Rails prior to 501 that would allow an attacker who controlled the locals argument of a render call This vulnerability has been assigned the CVE identifier CVE-2020-8163

https://github.com/novanazizr/Rails-5.0.1---RCE

Rails-501---RCE Date: 2020-07-19 Author : Lucas Amorim (lucas@lucasamorimca) Vendor Homepage: wwwrubyonrailsorg Software Link: wwwrubyonrailsorg Version: Rails < 501 CVE-2020-8163 - Remote code execution of user-provided local names in Rails Remote code execution of user-provided local names in Rails < 501 There was a vulnerability in versions of Rails

https://github.com/lucasallan/CVE-2020-8163

CVE-2020-8163 - Remote code execution of user-provided local names in Rails

CVE-2020-8163 CVE-2020-8163 - Remote code execution of user-provided local names in Rails Remote code execution of user-provided local names in Rails < 501 There was a vulnerability in versions of Rails prior to 501 that would allow an attacker who controlled the locals argument of a render call This vulnerability has been assigned the CVE identifier CVE-2020-8163

https://github.com/h4ms1k/CVE-2020-8163

Enviroment and exploit to rce test

CVE-2020-8163 Enviroment and exploit to CVE-2020-8163 Blind remote code execution of user-provided local names in Rails < 501 and < 42112 Create the enviroment create docker container mapping port 4000 to 8001 sudo docker run --rm -it -p 8001:4000 ruby:23 bash update and install some tools in container apt update &

https://github.com/TKLinux966/CVE-2020-8163

This is a exploit code for CVE-2020-8163

CVE-2020-8163 This is a exploit code for CVE-2020-8163 It's for educational purposes only

References

CWE-94https://hackerone.com/reports/304805https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0https://lists.debian.org/debian-lts-announce/2020/07/msg00013.htmlhttp://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.htmlhttps://github.com/TK-Elliot/CVE-2020-8163
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook