Share
## https://sploitus.com/exploit?id=SAINT:FF802506CE71C280DB334599267E7500
Added: 07/29/2020  
CVE: [CVE-2020-8163](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163>)  


### Background

[Ruby on Rails](<http://rubyonrails.org/>) is a web application framework written in Ruby. 

### Problem

Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands. 

### Resolution

Upgrade to Ruby on Rails 5.0.1 or higher, or configure the application not to allow users to control the names of local variables. 

### References

<https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0?pli=1>  


### Limitations

The path to a web application resource which allows users to control the names of local variables must be specified. 

### Platforms

Linux