Vulnerability Description
There is a vulnerability in the actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rubyonrails | Actionpack Page-Caching | < 1.2.1 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://groups.google.com/forum/#%21topic/rubyonrails-security/CFRVkEytdP8
- https://lists.debian.org/debian-lts-announce/2021/07/msg00019.html (Mailing List, Third Party Advisory)
FAQ
What is CVE-2020-8159?
CVE-2020-8159 is a vulnerability with a CVSS score of 9.8 (CRITICAL). There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can wr...
How severe is CVE-2020-8159?
CVE-2020-8159 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-8159?
Check the references section above for vendor advisories and patch information. Affected products include: Rubyonrails Actionpack Page-Caching, Debian Debian Linux.