vulnerability
FreeBSD: VID-CE6DB19B-976E-11EA-93C4-08002728F74C (CVE-2020-8163): Rails -- remote code execution vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | May 15, 2020 | May 18, 2020 | Oct 20, 2020 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
May 15, 2020
Added
May 18, 2020
Modified
Oct 20, 2020
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-CE6DB19B-976E-11EA-93C4-08002728F74C:
Ruby on Rails blog:
Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant
error. To address this Rails 4.2.11.3 has been released.
The original announcement for CVE-2020-8163 has a follow-up message
with an updated patch if you’re unable to use the gems.
Solution
freebsd-upgrade-package-rubygem-actionview4
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.