Oval Definition:oval:org.opensuse.security:def:20208163
Revision Date:2022-05-22Version:1
Title:CVE-2020-8163
Description:

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2020-8163
SUSE-SU-2020:2140-1
Mitre CVE-2020-8163
SUSE CVE-2020-8163
SUSE-SU-2020:2140-1
Platform(s):SUSE OpenStack Cloud 6-LTSS
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 6-LTSS is installed
  • AND Package Information
  • ruby2.1-rubygem-actionview-4_2-4.2.9-9.9 is installed
  • OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6 is installed
  • OR rubygem-actionview-4_2-4.2.9-9.9 is installed
  • OR rubygem-activesupport-4_2-4.2.9-7.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1 is installed
  • OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1 is installed
  • OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1 is installed
  • OR ruby2.1-rubygem-rails-4_2 is affected
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1 is installed
  • OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1 is installed
  • OR ruby2.1-rubygem-rails-4_2 is affected
    • BACK