[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8162":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":330,"aliases":340,"duplicate_of":9,"upstream":341,"downstream":342,"duplicates":353,"related":354,"reserved_at":9,"published_at":356,"modified_at":357,"state":358,"summary":359,"references_raw":367,"kevs":387,"epss":388,"epss_history":391,"metrics":651,"affected":661},"CVE-2020-8162","A client side enforcement of server side security vulnerability exists in rails \u003C 5.2.4.2 and rails \u003C 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.",null,[11,68],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-434","Unrestricted Upload of File with Dangerous Type","The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[24],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.010","Services File Permissions Weakness",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,58,63],{"id":45,"name":46,"tactic":47},"D3-SWI","Software Inventory",{"name":48},"Model",{"id":50,"name":51,"tactic":52},"D3-AVE","Asset Vulnerability Enumeration",{"name":48},{"id":54,"name":55,"tactic":56},"D3-SBV","Service Binary Verification",{"name":57},"Detect",{"id":59,"name":60,"tactic":61},"D3-SU","Software Update",{"name":62},"Harden",{"id":64,"name":65,"tactic":66},"D3-RS","Restore Software",{"name":67},"Restore",{"_key":69,"id":69,"name":70,"description":71,"type":15,"status":16,"abstraction":72,"likelihood_of_exploit":18,"capec":73},"CWE-602","Client-Side Enforcement of Server-Side Security","The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.","Class",[74,78,82,86,90,255,281,310,314,318,322,326],{"id":75,"name":76,"techniques":77},"CAPEC-162","Manipulating Hidden Fields",[],{"id":79,"name":80,"techniques":81},"CAPEC-202","Create Malicious Client",[],{"id":83,"name":84,"techniques":85},"CAPEC-207","Removing Important Client Functionality",[],{"id":87,"name":88,"techniques":89},"CAPEC-208","Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements",[],{"id":91,"name":92,"techniques":93},"CAPEC-21","Exploitation of Trusted Identifiers",[94,201,231],{"id":95,"name":96,"tactics":97,"countermeasures":101},"T1134","Access Token Manipulation",[98,99,100],{"id":35,"name":36},{"id":38,"name":39},{"id":32,"name":33},[102,106,110,114,118,122,126,130,134,139,143,147,152,156,160,164,168,172,176,180,185,189,193,197],{"id":103,"name":104,"tactic":105},"D3-CI","Configuration Inventory",{"name":48},{"id":107,"name":108,"tactic":109},"D3-NTPM","Network Traffic Policy Mapping",{"name":48},{"id":111,"name":112,"tactic":113},"D3-AM","Access Modeling",{"name":48},{"id":115,"name":116,"tactic":117},"D3-AEM","Application Exception Monitoring",{"name":57},{"id":119,"name":120,"tactic":121},"D3-SCA","System Call Analysis",{"name":57},{"id":123,"name":124,"tactic":125},"D3-CCSA","Credential Compromise Scope Analysis",{"name":57},{"id":127,"name":128,"tactic":129},"D3-OPM","Operational Process Monitoring",{"name":57},{"id":131,"name":132,"tactic":133},"D3-PSA","Process Spawn Analysis",{"name":57},{"id":135,"name":136,"tactic":137},"D3-ST","Session Termination",{"name":138},"Evict",{"id":140,"name":141,"tactic":142},"D3-CR","Credential Revocation",{"name":138},{"id":144,"name":145,"tactic":146},"D3-ANCI","Authentication Cache Invalidation",{"name":138},{"id":148,"name":149,"tactic":150},"D3-DUC","Decoy User Credential",{"name":151},"Deceive",{"id":153,"name":154,"tactic":155},"D3-CH","Credential Hardening",{"name":62},{"id":157,"name":158,"tactic":159},"D3-MFA","Multi-factor Authentication",{"name":62},{"id":161,"name":162,"tactic":163},"D3-CRO","Credential Rotation",{"name":62},{"id":165,"name":166,"tactic":167},"D3-TB","Token Binding",{"name":62},{"id":169,"name":170,"tactic":171},"D3-TBA","Token-based Authentication",{"name":62},{"id":173,"name":174,"tactic":175},"D3-RC","Restore Configuration",{"name":67},{"id":177,"name":178,"tactic":179},"D3-RIC","Reissue Credential",{"name":67},{"id":181,"name":182,"tactic":183},"D3-SCF","System Call Filtering",{"name":184},"Isolate",{"id":186,"name":187,"tactic":188},"D3-CTS","Credential Transmission Scoping",{"name":184},{"id":190,"name":191,"tactic":192},"D3-EAL","Executable Allowlisting",{"name":184},{"id":194,"name":195,"tactic":196},"D3-EDL","Executable Denylisting",{"name":184},{"id":198,"name":199,"tactic":200},"D3-HBPI","Hardware-based Process Isolation",{"name":184},{"id":202,"name":203,"tactics":204,"countermeasures":208},"T1528","Steal Application Access Token",[205],{"id":206,"name":207},"TA0031","Credential Access",[209,211,213,215,217,219,221,223,225,227,229],{"id":123,"name":124,"tactic":210},{"name":57},{"id":140,"name":141,"tactic":212},{"name":138},{"id":144,"name":145,"tactic":214},{"name":138},{"id":148,"name":149,"tactic":216},{"name":151},{"id":153,"name":154,"tactic":218},{"name":62},{"id":157,"name":158,"tactic":220},{"name":62},{"id":161,"name":162,"tactic":222},{"name":62},{"id":165,"name":166,"tactic":224},{"name":62},{"id":169,"name":170,"tactic":226},{"name":62},{"id":177,"name":178,"tactic":228},{"name":67},{"id":186,"name":187,"tactic":230},{"name":184},{"id":232,"name":233,"tactics":234,"countermeasures":236},"T1539","Steal Web Session Cookie",[235],{"id":206,"name":207},[237,239,241,243,245,247,249,251,253],{"id":123,"name":124,"tactic":238},{"name":57},{"id":140,"name":141,"tactic":240},{"name":138},{"id":144,"name":145,"tactic":242},{"name":138},{"id":148,"name":149,"tactic":244},{"name":151},{"id":153,"name":154,"tactic":246},{"name":62},{"id":157,"name":158,"tactic":248},{"name":62},{"id":161,"name":162,"tactic":250},{"name":62},{"id":177,"name":178,"tactic":252},{"name":67},{"id":186,"name":187,"tactic":254},{"name":184},{"id":256,"name":257,"techniques":258},"CAPEC-31","Accessing/Intercepting/Modifying HTTP Cookies",[259],{"id":232,"name":233,"tactics":260,"countermeasures":262},[261],{"id":206,"name":207},[263,265,267,269,271,273,275,277,279],{"id":123,"name":124,"tactic":264},{"name":57},{"id":140,"name":141,"tactic":266},{"name":138},{"id":144,"name":145,"tactic":268},{"name":138},{"id":148,"name":149,"tactic":270},{"name":151},{"id":153,"name":154,"tactic":272},{"name":62},{"id":157,"name":158,"tactic":274},{"name":62},{"id":161,"name":162,"tactic":276},{"name":62},{"id":177,"name":178,"tactic":278},{"name":67},{"id":186,"name":187,"tactic":280},{"name":184},{"id":282,"name":283,"techniques":284},"CAPEC-383","Harvesting Information via API Event Monitoring",[285],{"id":286,"name":287,"tactics":288,"countermeasures":293},"T1056.004","Credential API Hooking",[289,292],{"id":290,"name":291},"TA0100","Collection",{"id":206,"name":207},[294,298,302,306],{"id":295,"name":296,"tactic":297},"D3-MBT","Memory Boundary Tracking",{"name":57},{"id":299,"name":300,"tactic":301},"D3-PCSV","Process Code Segment Verification",{"name":57},{"id":303,"name":304,"tactic":305},"D3-PSEP","Process Segment Execution Prevention",{"name":62},{"id":307,"name":308,"tactic":309},"D3-SAOR","Segment Address Offset Randomization",{"name":62},{"id":311,"name":312,"techniques":313},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":315,"name":316,"techniques":317},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":319,"name":320,"techniques":321},"CAPEC-386","Application API Navigation Remapping",[],{"id":323,"name":324,"techniques":325},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":327,"name":328,"techniques":329},"CAPEC-388","Application API Button Hijacking",[],[331],{"_key":332,"name":333,"source":334,"url":335,"maturity":336,"reliability_score":337,"verified":338,"type":9,"platforms":339,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_C242C258C80B920A","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/789579","unknown",0.2,false,[],[],[],[343,345,347,349,351],{"_key":344},"UBUNTU-CVE-2020-8162",{"_key":346},"OPENSUSE-SU-2024:11827-1",{"_key":348},"DSA-4766-1",{"_key":350},"DEBIAN-CVE-2020-8162",{"_key":352},"RHSA-2021:1313",[],[355],{"_key":346},"2020-06-19T17:02:42.000Z","2024-08-04T09:48:25.603Z","Modified",{"cisa_kev":338,"cisa_ransomware":338,"cisa_vendor":9,"epss_severity":360,"epss_score":361,"severity":362,"severity_score":363,"severity_version":364,"severity_source":365,"severity_vector":366,"severity_status":358},"low",0.01549,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[368,375,381],{"url":335,"sources":369,"tags":371},[370,365],"cve.org",[372,373,374],"X Refsource MISC","Exploit","Third Party Advisory",{"url":376,"sources":377,"tags":378},"https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ",[370,365],[372,379,380,374],"Mailing List","Patch",{"url":382,"sources":383,"tags":384},"https://www.debian.org/security/2020/dsa-4766",[370,365],[385,386,374],"Vendor Advisory","X Refsource DEBIAN",[],{"date":389,"score":361,"percentile":390},"2026-06-04",0.81741,[392,395,398,401,404,407,410,413,416,419,422,425,428,430,433,437,440,443,446,449,452,455,458,461,464,467,469,472,476,479,482,485,488,490,493,496,499,502,505,508,511,514,517,520,523,526,529,531,534,536,539,542,545,548,551,554,557,560,563,566,569,571,574,577,579,581,584,587,590,592,595,598,601,603,606,609,612,614,617,619,622,625,628,631,634,637,640,642,645,648],{"date":393,"score":361,"percentile":394},"2025-11-04",0.8079,{"date":396,"score":361,"percentile":397},"2025-11-05",0.80792,{"date":399,"score":361,"percentile":400},"2025-11-06",0.80793,{"date":402,"score":361,"percentile":403},"2025-11-07",0.80804,{"date":405,"score":361,"percentile":406},"2025-11-08",0.80812,{"date":408,"score":361,"percentile":409},"2025-11-09",0.80808,{"date":411,"score":361,"percentile":412},"2025-11-10",0.80803,{"date":414,"score":361,"percentile":415},"2025-11-11",0.80805,{"date":417,"score":361,"percentile":418},"2025-11-12",0.80818,{"date":420,"score":361,"percentile":421},"2025-11-13",0.80824,{"date":423,"score":361,"percentile":424},"2025-11-14",0.8083,{"date":426,"score":361,"percentile":427},"2025-11-15",0.80825,{"date":429,"score":361,"percentile":427},"2025-11-16",{"date":431,"score":361,"percentile":432},"2025-11-17",0.80822,{"date":434,"score":435,"percentile":436},"2025-11-18",0.00574,0.66163,{"date":438,"score":435,"percentile":439},"2025-11-19",0.6617,{"date":441,"score":435,"percentile":442},"2025-11-20",0.66166,{"date":444,"score":361,"percentile":445},"2025-11-21",0.80842,{"date":447,"score":361,"percentile":448},"2025-11-22",0.80843,{"date":450,"score":361,"percentile":451},"2025-11-23",0.80834,{"date":453,"score":361,"percentile":454},"2025-11-24",0.80835,{"date":456,"score":361,"percentile":457},"2025-11-25",0.80838,{"date":459,"score":361,"percentile":460},"2025-11-26",0.8084,{"date":462,"score":361,"percentile":463},"2025-11-27",0.80845,{"date":465,"score":361,"percentile":466},"2025-11-28",0.80837,{"date":468,"score":361,"percentile":448},"2025-11-29",{"date":470,"score":361,"percentile":471},"2025-11-30",0.80848,{"date":473,"score":474,"percentile":475},"2025-12-01",0.01137,0.77868,{"date":477,"score":474,"percentile":478},"2025-12-02",0.77876,{"date":480,"score":474,"percentile":481},"2025-12-03",0.77861,{"date":483,"score":361,"percentile":484},"2025-12-04",0.80852,{"date":486,"score":361,"percentile":487},"2025-12-05",0.8086,{"date":489,"score":361,"percentile":487},"2025-12-06",{"date":491,"score":361,"percentile":492},"2025-12-07",0.80859,{"date":494,"score":361,"percentile":495},"2025-12-08",0.80862,{"date":497,"score":361,"percentile":498},"2025-12-09",0.80876,{"date":500,"score":361,"percentile":501},"2025-12-10",0.80902,{"date":503,"score":361,"percentile":504},"2025-12-11",0.80914,{"date":506,"score":361,"percentile":507},"2025-12-12",0.80928,{"date":509,"score":361,"percentile":510},"2025-12-13",0.80927,{"date":512,"score":361,"percentile":513},"2025-12-14",0.80924,{"date":515,"score":361,"percentile":516},"2025-12-15",0.80921,{"date":518,"score":361,"percentile":519},"2025-12-16",0.80931,{"date":521,"score":361,"percentile":522},"2025-12-17",0.8094,{"date":524,"score":361,"percentile":525},"2025-12-18",0.80959,{"date":527,"score":361,"percentile":528},"2025-12-19",0.80965,{"date":530,"score":361,"percentile":525},"2025-12-20",{"date":532,"score":361,"percentile":533},"2025-12-21",0.80953,{"date":535,"score":361,"percentile":533},"2025-12-22",{"date":537,"score":361,"percentile":538},"2025-12-23",0.80956,{"date":540,"score":361,"percentile":541},"2025-12-24",0.80969,{"date":543,"score":361,"percentile":544},"2025-12-25",0.80986,{"date":546,"score":361,"percentile":547},"2025-12-26",0.80987,{"date":549,"score":361,"percentile":550},"2025-12-27",0.81024,{"date":552,"score":361,"percentile":553},"2025-12-28",0.80974,{"date":555,"score":361,"percentile":556},"2025-12-29",0.80971,{"date":558,"score":361,"percentile":559},"2025-12-30",0.80978,{"date":561,"score":361,"percentile":562},"2025-12-31",0.80992,{"date":564,"score":474,"percentile":565},"2026-01-01",0.78027,{"date":567,"score":474,"percentile":568},"2026-01-02",0.78029,{"date":570,"score":474,"percentile":565},"2026-01-03",{"date":572,"score":361,"percentile":573},"2026-01-04",0.80972,{"date":575,"score":361,"percentile":576},"2026-01-05",0.80967,{"date":578,"score":361,"percentile":556},"2026-01-06",{"date":580,"score":361,"percentile":553},"2026-01-07",{"date":582,"score":361,"percentile":583},"2026-01-08",0.80983,{"date":585,"score":361,"percentile":586},"2026-01-09",0.80984,{"date":588,"score":361,"percentile":589},"2026-01-10",0.80985,{"date":591,"score":361,"percentile":559},"2026-01-11",{"date":593,"score":361,"percentile":594},"2026-01-12",0.8097,{"date":596,"score":361,"percentile":597},"2026-01-13",0.80968,{"date":599,"score":361,"percentile":600},"2026-01-14",0.80989,{"date":602,"score":361,"percentile":600},"2026-01-15",{"date":604,"score":361,"percentile":605},"2026-01-16",0.80998,{"date":607,"score":361,"percentile":608},"2026-01-17",0.81005,{"date":610,"score":361,"percentile":611},"2026-01-18",0.80995,{"date":613,"score":361,"percentile":600},"2026-01-19",{"date":615,"score":361,"percentile":616},"2026-01-20",0.80991,{"date":618,"score":361,"percentile":605},"2026-01-21",{"date":620,"score":361,"percentile":621},"2026-01-22",0.81007,{"date":623,"score":361,"percentile":624},"2026-01-23",0.8103,{"date":626,"score":361,"percentile":627},"2026-01-24",0.81038,{"date":629,"score":361,"percentile":630},"2026-01-25",0.81031,{"date":632,"score":361,"percentile":633},"2026-01-26",0.81032,{"date":635,"score":361,"percentile":636},"2026-01-27",0.81036,{"date":638,"score":361,"percentile":639},"2026-01-28",0.81034,{"date":641,"score":361,"percentile":624},"2026-01-29",{"date":643,"score":361,"percentile":644},"2026-01-30",0.81029,{"date":646,"score":361,"percentile":647},"2026-01-31",0.81035,{"date":649,"score":474,"percentile":650},"2026-02-01",0.78087,[652],{"source":365,"cvss_v2_0":653,"cvss_v3_0":9,"cvss_v3_1":658,"cvss_v4_0":9},{"baseScore":654,"baseSeverity":9,"vectorString":655,"impactScore":656,"exploitabilityScore":657},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":363,"baseSeverity":659,"vectorString":366,"impactScore":660,"exploitabilityScore":657},"HIGH",6,[662,671],{"ecosystem":9,"name":663,"vendor":664,"product":665,"cpe_part":666,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":667},"debian linux","debian","debian_linux","o",[668],{"version":669,"is_range":338,"range_type":670,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":672,"vendor":673,"product":672,"cpe_part":674,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":675},"rails","rubyonrails","a",[676,681],{"version":677,"is_range":678,"range_type":670,"version_start":9,"version_start_type":9,"version_end":679,"version_end_type":680,"fixed_in":9},"lt5.2.4.2",true,"5.2.4.2","excluding",{"version":682,"is_range":678,"range_type":670,"version_start":683,"version_start_type":684,"version_end":685,"version_end_type":680,"fixed_in":9},"gte6.0.0_lt6.0.3.1","6.0.0","including","6.0.3.1"]