## https://sploitus.com/exploit?id=SAINT:FF802506CE71C280DB334599267E7500
Added: 07/29/2020
CVE: [CVE-2020-8163](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163>)
### Background
[Ruby on Rails](<http://rubyonrails.org/>) is a web application framework written in Ruby.
### Problem
Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands.
### Resolution
Upgrade to Ruby on Rails 5.0.1 or higher, or configure the application not to allow users to control the names of local variables.
### References
<https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0?pli=1>
### Limitations
The path to a web application resource which allows users to control the names of local variables must be specified.
### Platforms
Linux