Critical severity · OSV Advisory · Published May 12, 2020 · Updated Aug 4, 2024
CVE-2020-8159
Description
A vulnerability in the actionpack-page_caching gem < v1.2.1 allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| actionpack-page_caching (RubyGems) | < 1.2.1 | 1.2.1 |
Affected products
- Range: v1.0.0, v1.0.1, v1.0.2, …
References
- github.com/advisories/GHSA-mg5p-95m9-rmfp (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-8159 (ghsa, ADVISORY)
- github.com/rails/actionpack-page_caching/commit/127da70a559bed4fc573fdb4a6d498a7d5815ce2 (ghsa, WEB)
- groups.google.com/forum/ (ghsa, WEB)
- groups.google.com/forum/ (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2021/07/msg00019.html (ghsa, mailing-list, x_refsource_MLIST, WEB)