VDB

CVE-2020-8163

CVE-2020-8163 PUBLISHED

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

EPSS 91.07% · 99.7th percentile

Risk Scores

EPSS Score
91.07%
99.7th percentile

Affected Products

VendorProductVersions
Ubuntu:24.04:LTSrails0, 2:6.1.7.3+dfsg-3, 2:6.1.7.3+dfsg-2build1
Ubuntu:Pro:20.04:LTSrails*, 0, 2:5.2.3+dfsg-3
Ubuntu:Pro:16.04:LTSrails*, 0, 2:4.1.10-1
Ubuntu:Pro:18.04:LTSrails*, 2:4.2.10-0ubuntu4, 2:4.2.10-0ubuntu4+esm1
Ubuntu:25.10rails0, *, *
Ubuntu:Pro:22.04:LTSrails0, 2:6.1.4.1+dfsg-8ubuntu2+esm1, 2:6.0.3.7+dfsg-2

Timeline

  • Jul 2, 2020 CVE Published
  • Jul 27, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Nov 21, 2024 CVE Updated
  • Mar 27, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 4, 2025 EPSS Score
  • May 25, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›