Exploit for Ruby on Rails local names command execution CVE-2020-8163

Name: Exploit for Ruby on Rails local names command execution CVE-2020-8163
Rating: 5 (121 reviews)

2020-07-29 | CVSS 8.8

## https://sploitus.com/exploit?id=SAINT:7385D23ED87A54FB8E74EC22B5CCE310
Added: 07/29/2020  
CVE: CVE-2020-8163  


### Background

Ruby on Rails is a web application framework written in Ruby. 

### Problem

Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands. 

### Resolution

Upgrade to Ruby on Rails 5.0.1 or higher, or configure the application not to allow users to control the names of local variables. 

### References

https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0?pli=1   


### Limitations

The path to a web application resource which allows users to control the names of local variables must be specified. 

### Platforms

Linux