CVE-2020-8163

CVE-2020-8163

Vendor N/A
Product https://github.com/rails/rails
Weakness CWE-94 · Code injection
Published July 2, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

Key dates

02Disclosure timeline

July 2, 2020 CVE published
August 4, 2024 Record updated