## https://sploitus.com/exploit?id=SAINT:7385D23ED87A54FB8E74EC22B5CCE310
Added: 07/29/2020
CVE: CVE-2020-8163
### Background
Ruby on Rails is a web application framework written in Ruby.
### Problem
Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands.
### Resolution
Upgrade to Ruby on Rails 5.0.1 or higher, or configure the application not to allow users to control the names of local variables.
### References
https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0?pli=1
### Limitations
The path to a web application resource which allows users to control the names of local variables must be specified.
### Platforms
Linux