CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8159

There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.054

EPSS Ranking 89.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2020-8159

Rubyonrails » Actionpack Page-Caching » Version: 1.0.0

cpe:2.3:a:rubyonrails:actionpack_page-caching:1.0.0
Rubyonrails » Actionpack Page-Caching » Version: 1.0.1

cpe:2.3:a:rubyonrails:actionpack_page-caching:1.0.1
Rubyonrails » Actionpack Page-Caching » Version: 1.0.2

cpe:2.3:a:rubyonrails:actionpack_page-caching:1.0.2
Rubyonrails » Actionpack Page-Caching » Version: 1.1.0

cpe:2.3:a:rubyonrails:actionpack_page-caching:1.1.0
Rubyonrails » Actionpack Page-Caching » Version: 1.1.1

cpe:2.3:a:rubyonrails:actionpack_page-caching:1.1.1
Rubyonrails » Actionpack Page-Caching » Version: 1.2.0

cpe:2.3:a:rubyonrails:actionpack_page-caching:1.2.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8159

Products

Pricing

Contact Us