Exploit Ruby on Rails local names command execution CVE-2020-8163

Name: Ruby on Rails local names command execution CVE-2020-8163
Rating: 5 (12 reviews)

2020-07-29 | CVSS 6.5

## https://sploitus.com/exploit?id=SAINT:7385D23ED87A54FB8E74EC22B5CCE310
Added: 07/29/2020  
CVE: [CVE-2020-8163](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163>)  


### Background

[Ruby on Rails](<http://rubyonrails.org/>) is a web application framework written in Ruby. 

### Problem

Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands. 

### Resolution

Upgrade to Ruby on Rails 5.0.1 or higher, or configure the application not to allow users to control the names of local variables. 

### References

<https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0?pli=1>  


### Limitations

The path to a web application resource which allows users to control the names of local variables must be specified. 

### Platforms

Linux