Source: ruby-actionpack-page-caching
Version: 1.1.0-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for ruby-actionpack-page-caching.

CVE-2020-8159[0]:
| There is a vulnerability in actionpack_page-caching gem < v1.2.1
| that allows an attacker to write arbitrary files to a web server,
| potentially resulting in remote code execution if the attacker can
| write unescaped ERB to a view.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-8159
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8159
[1] https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore