The is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals
argument of a render
call to perform a RCE.
{ "nvd_published_at": "2020-07-02T19:15:00Z", "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-07-07T15:44:56Z" }