[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8163":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":62,"aliases":85,"duplicate_of":9,"upstream":86,"downstream":87,"duplicates":96,"related":97,"reserved_at":9,"published_at":99,"modified_at":100,"state":101,"summary":102,"references_raw":110,"kevs":135,"epss":136,"epss_history":139,"metrics":347,"affected":358},"CVE-2020-8163","There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform an RCE.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled 
Variables",[],[63,72],{"_key":64,"name":65,"source":66,"url":67,"maturity":68,"reliability_score":69,"verified":70,"type":9,"platforms":71,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_11B2ED477BC36110","Exploit Reference (packetstormsecurity.com)","reference","http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html","unknown",0.2,false,[],{"_key":73,"name":74,"source":75,"url":76,"maturity":77,"reliability_score":78,"verified":70,"type":9,"platforms":79,"requires_auth":9,"exploitdb":81,"metasploit":9},"48716","Rails 5.0.1 - Remote Code Execution","exploit-database","https://www.exploit-db.com/exploits/48716","poc",0.5,[80],"ruby",{"verified":70,"type":82,"platform":80,"file":83,"codes":84},"webapps","exploits/ruby/webapps/48716.rb",[7],[],[],[88,90,92,94],{"_key":89},"SUSE-SU-2020:2140-1",{"_key":91},"DLA-2282-1",{"_key":93},"DEBIAN-CVE-2020-8163",{"_key":95},"UBUNTU-CVE-2020-8163",[],[98],{"_key":89},"2020-07-02T18:35:12.000Z","2024-08-04T09:48:25.683Z","Modified",{"cisa_kev":70,"cisa_ransomware":70,"cisa_vendor":9,"epss_severity":103,"epss_score":104,"severity":105,"severity_score":106,"severity_version":107,"severity_source":108,"severity_vector":109,"severity_status":101},"critical",0.91071,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[111,119,125,130],{"url":112,"sources":113,"tags":115},"https://hackerone.com/reports/304805",[114,108],"cve.org",[116,117,118],"X Refsource MISC","Permissions Required","Third Party Advisory",{"url":120,"sources":121,"tags":122},"https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0",[114,108],[116,123,124,118],"Mailing List","Patch",{"url":126,"sources":127,"tags":128},"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html",[114,108],[123,129,118],"X Refsource MLIST",{"url":67,"sources":131,"tags":132},[114,108],[116,133,118,134],"Exploit","VDB 
Entry",[],{"date":137,"score":104,"percentile":138},"2026-06-04",0.99657,[140,144,147,149,153,155,157,159,161,164,166,168,170,172,174,178,180,182,184,186,188,190,192,194,196,198,200,202,206,208,210,213,215,217,219,222,224,226,228,230,232,234,238,240,243,245,247,249,251,254,256,258,260,262,264,266,268,270,273,276,279,281,283,285,287,289,291,293,296,299,301,303,306,308,310,313,315,317,319,321,323,326,329,332,334,336,338,340,342,344],{"date":141,"score":142,"percentile":143},"2025-11-04",0.90646,0.99589,{"date":145,"score":142,"percentile":146},"2025-11-05",0.99588,{"date":148,"score":142,"percentile":146},"2025-11-06",{"date":150,"score":151,"percentile":152},"2025-11-07",0.90484,0.99575,{"date":154,"score":151,"percentile":152},"2025-11-08",{"date":156,"score":151,"percentile":152},"2025-11-09",{"date":158,"score":151,"percentile":152},"2025-11-10",{"date":160,"score":151,"percentile":152},"2025-11-11",{"date":162,"score":151,"percentile":163},"2025-11-12",0.99576,{"date":165,"score":151,"percentile":163},"2025-11-13",{"date":167,"score":151,"percentile":163},"2025-11-14",{"date":169,"score":151,"percentile":163},"2025-11-15",{"date":171,"score":151,"percentile":163},"2025-11-16",{"date":173,"score":151,"percentile":163},"2025-11-17",{"date":175,"score":176,"percentile":177},"2025-11-18",0.89405,0.99638,{"date":179,"score":176,"percentile":177},"2025-11-19",{"date":181,"score":176,"percentile":177},"2025-11-20",{"date":183,"score":151,"percentile":163},"2025-11-21",{"date":185,"score":151,"percentile":163},"2025-11-22",{"date":187,"score":151,"percentile":163},"2025-11-23",{"date":189,"score":151,"percentile":152},"2025-11-24",{"date":191,"score":151,"percentile":152},"2025-11-25",{"date":193,"score":151,"percentile":163},"2025-11-26",{"date":195,"score":151,"percentile":163},"2025-11-27",{"date":197,"score":151,"percentile":163},"2025-11-28",{"date":199,"score":151,"percentile":163},"2025-11-29",{"date":201,"score":151,"percentile":163},"2025-11-30",{"date":203,"sco
re":204,"percentile":205},"2025-12-01",0.83272,0.99235,{"date":207,"score":204,"percentile":205},"2025-12-02",{"date":209,"score":204,"percentile":205},"2025-12-03",{"date":211,"score":151,"percentile":212},"2025-12-04",0.99578,{"date":214,"score":151,"percentile":212},"2025-12-05",{"date":216,"score":151,"percentile":212},"2025-12-06",{"date":218,"score":151,"percentile":212},"2025-12-07",{"date":220,"score":151,"percentile":221},"2025-12-08",0.99579,{"date":223,"score":151,"percentile":221},"2025-12-09",{"date":225,"score":151,"percentile":221},"2025-12-10",{"date":227,"score":151,"percentile":221},"2025-12-11",{"date":229,"score":151,"percentile":221},"2025-12-12",{"date":231,"score":151,"percentile":221},"2025-12-13",{"date":233,"score":151,"percentile":221},"2025-12-14",{"date":235,"score":236,"percentile":237},"2025-12-15",0.90927,0.99607,{"date":239,"score":236,"percentile":237},"2025-12-16",{"date":241,"score":236,"percentile":242},"2025-12-17",0.99608,{"date":244,"score":236,"percentile":242},"2025-12-18",{"date":246,"score":236,"percentile":242},"2025-12-19",{"date":248,"score":236,"percentile":242},"2025-12-20",{"date":250,"score":236,"percentile":242},"2025-12-21",{"date":252,"score":236,"percentile":253},"2025-12-22",0.99609,{"date":255,"score":236,"percentile":242},"2025-12-23",{"date":257,"score":236,"percentile":242},"2025-12-24",{"date":259,"score":236,"percentile":242},"2025-12-25",{"date":261,"score":236,"percentile":253},"2025-12-26",{"date":263,"score":236,"percentile":253},"2025-12-27",{"date":265,"score":236,"percentile":253},"2025-12-28",{"date":267,"score":236,"percentile":253},"2025-12-29",{"date":269,"score":236,"percentile":253},"2025-12-30",{"date":271,"score":236,"percentile":272},"2025-12-31",0.9961,{"date":274,"score":204,"percentile":275},"2026-01-01",0.99249,{"date":277,"score":204,"percentile":278},"2026-01-02",0.99248,{"date":280,"score":204,"percentile":278},"2026-01-03",{"date":282,"score":236,"percentile":272},"2026-01-04",{"da
te":284,"score":236,"percentile":272},"2026-01-05",{"date":286,"score":236,"percentile":272},"2026-01-06",{"date":288,"score":236,"percentile":272},"2026-01-07",{"date":290,"score":236,"percentile":272},"2026-01-08",{"date":292,"score":236,"percentile":272},"2026-01-09",{"date":294,"score":236,"percentile":295},"2026-01-10",0.99611,{"date":297,"score":236,"percentile":298},"2026-01-11",0.99612,{"date":300,"score":236,"percentile":295},"2026-01-12",{"date":302,"score":236,"percentile":298},"2026-01-13",{"date":304,"score":236,"percentile":305},"2026-01-14",0.99613,{"date":307,"score":236,"percentile":305},"2026-01-15",{"date":309,"score":236,"percentile":305},"2026-01-16",{"date":311,"score":236,"percentile":312},"2026-01-17",0.99614,{"date":314,"score":236,"percentile":298},"2026-01-18",{"date":316,"score":236,"percentile":305},"2026-01-19",{"date":318,"score":236,"percentile":305},"2026-01-20",{"date":320,"score":236,"percentile":305},"2026-01-21",{"date":322,"score":236,"percentile":312},"2026-01-22",{"date":324,"score":236,"percentile":325},"2026-01-23",0.99615,{"date":327,"score":236,"percentile":328},"2026-01-24",0.99616,{"date":330,"score":236,"percentile":331},"2026-01-25",0.99617,{"date":333,"score":236,"percentile":331},"2026-01-26",{"date":335,"score":236,"percentile":331},"2026-01-27",{"date":337,"score":236,"percentile":331},"2026-01-28",{"date":339,"score":236,"percentile":331},"2026-01-29",{"date":341,"score":236,"percentile":331},"2026-01-30",{"date":343,"score":236,"percentile":331},"2026-01-31",{"date":345,"score":204,"percentile":346},"2026-02-01",0.99254,[348],{"source":108,"cvss_v2_0":349,"cvss_v3_0":9,"cvss_v3_1":354,"cvss_v4_0":9},{"baseScore":350,"baseSeverity":9,"vectorString":351,"impactScore":352,"exploitabilityScore":353},6.5,"AV:N/AC:L/Au:S/C:P/I:P/A:P",6.4,8,{"baseScore":106,"baseSeverity":355,"vectorString":109,"impactScore":356,"exploitabilityScore":357},"HIGH",9.8,7.2,[359,368],{"ecosystem":9,"name":360,"vendor":361,"product":362,"cpe
_part":363,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":364},"debian linux","debian","debian_linux","o",[365],{"version":366,"is_range":70,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"ecosystem":9,"name":369,"vendor":370,"product":369,"cpe_part":371,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":372},"rails","rubyonrails","a",[373],{"version":374,"is_range":375,"range_type":367,"version_start":9,"version_start_type":9,"version_end":376,"version_end_type":377,"fixed_in":9},"lt5.0.1",true,"5.0.1","excluding"]