CVE-2020-8163:CVE-2020-8163-在Rails中远程执行用户提供的本地名称的代码

Ruby

CVE-2020-8163 CVE-2020-8163-在Rails中远程执行用户提供的本地名称的代码在Rails <5.0.1中远程执行用户提供的本地名称 5.0.1之前的Rails版本中存在一个漏洞，该漏洞将允许攻击者控制render调用的locals参数。已为该漏洞分配了CVE标识符CVE-2020-8163。受影响的版本：rails <5.0.1不受影响：不允许用户控制本地名称的应用程序。固定版本：4.2.11.2 漏洞应用：我包含了一个可用于测试目的的易受攻击的应用程序。易受攻击的端点是： main/index

文件下载

资源详情

[{"title":"（ 69 个子文件 36KB ） CVE-2020-8163:CVE-2020-8163-在Rails中远程执行用户提供的本地名称的代码","children":[{"title":"CVE-2020-8163-master","children":[{"title":"README.md 669B ","children":null,"spread":false},{"title":"testapp","children":[{"title":".byebug_history 260B ","children":null,"spread":false},{"title":"log","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":true},{"title":"public","children":[{"title":"500.html 1.44KB ","children":null,"spread":false},{"title":"robots.txt 202B ","children":null,"spread":false},{"title":"422.html 1.51KB ","children":null,"spread":false},{"title":"favicon.ico 0B ","children":null,"spread":false},{"title":"404.html 1.53KB ","children":null,"spread":false}],"spread":true},{"title":"config.ru 153B ","children":null,"spread":false},{"title":"db","children":[{"title":"seeds.rb 343B ","children":null,"spread":false}],"spread":true},{"title":"lib","children":[{"title":"tasks","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":true},{"title":"assets","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":true}],"spread":true},{"title":"Gemfile 1.42KB ","children":null,"spread":false},{"title":"README.rdoc 478B ","children":null,"spread":false},{"title":"Rakefile 249B ","children":null,"spread":false},{"title":"config","children":[{"title":"initializers","children":[{"title":"wrap_parameters.rb 372B ","children":null,"spread":false},{"title":"inflections.rb 647B ","children":null,"spread":false},{"title":"cookies_serializer.rb 129B ","children":null,"spread":false},{"title":"session_store.rb 135B ","children":null,"spread":false},{"title":"to_time_preserves_timezone.rb 500B ","children":null,"spread":false},{"title":"filter_parameter_logging.rb 194B ","children":null,"spread":false},{"title":"mime_types.rb 156B ","children":null,"spread":false},{"title":"backtrace_silencers.rb 404B ","children":null,"spread":false},{"title":"assets.rb 486B ","children":null,"spread":false}],"spread":true},{"title":"application.rb 1.23KB ","children":null,"spread":false},{"title":"environments","children":[{"title":"test.rb 1.71KB ","children":null,"spread":false},{"title":"development.rb 1.45KB ","children":null,"spread":false},{"title":"production.rb 3.13KB ","children":null,"spread":false}],"spread":false},{"title":"locales","children":[{"title":"en.yml 634B ","children":null,"spread":false}],"spread":false},{"title":"boot.rb 132B ","children":null,"spread":false},{"title":"secrets.yml 964B ","children":null,"spread":false},{"title":"routes.rb 1.60KB ","children":null,"spread":false},{"title":"environment.rb 150B ","children":null,"spread":false}],"spread":true},{"title":"test","children":[{"title":"test_helper.rb 212B ","children":null,"spread":false},{"title":"integration","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false},{"title":"models","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false},{"title":"controllers","children":[{"title":".keep 0B ","children":null,"spread":false},{"title":"main_controller_test.rb 239B ","children":null,"spread":false}],"spread":false},{"title":"fixtures","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false},{"title":"helpers","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false},{"title":"mailers","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false}],"spread":true},{"title":"Gemfile.lock 4.16KB ","children":null,"spread":false},{"title":".gitignore 399B ","children":null,"spread":false},{"title":"app","children":[{"title":"views","children":[{"title":"layouts","children":[{"title":"application.html.erb 293B ","children":null,"spread":false}],"spread":false},{"title":"main","children":[{"title":"show.html.erb 66B ","children":null,"spread":false},{"title":"_partialtest.html.erb 12B ","children":null,"spread":false},{"title":"index.html.erb 121B ","children":null,"spread":false}],"spread":false}],"spread":false},{"title":"models","children":[{"title":".keep 0B ","children":null,"spread":false},{"title":"concerns","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false}],"spread":false},{"title":"controllers","children":[{"title":"application_controller.rb 204B ","children":null,"spread":false},{"title":"concerns","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false},{"title":"main_controller.rb 85B ","children":null,"spread":false}],"spread":false},{"title":"helpers","children":[{"title":"application_helper.rb 29B ","children":null,"spread":false},{"title":"main_helper.rb 22B ","children":null,"spread":false}],"spread":false},{"title":"mailers","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false},{"title":"assets","children":[{"title":"images","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false},{"title":"stylesheets","children":[{"title":"main.scss 175B ","children":null,"spread":false},{"title":"application.css 686B ","children":null,"spread":false}],"spread":false},{"title":"javascripts","children":[{"title":"application.js 661B ","children":null,"spread":false},{"title":"main.coffee 211B ","children":null,"spread":false}],"spread":false}],"spread":false}],"spread":false},{"title":"bin","children":[{"title":"setup 805B ","children":null,"spread":false},{"title":"bundle 129B ","children":null,"spread":false},{"title":"rake 213B ","children":null,"spread":false},{"title":"rails 268B ","children":null,"spread":false},{"title":"spring 507B ","children":null,"spread":false}],"spread":false},{"title":"vendor","children":[{"title":"assets","children":[{"title":"stylesheets","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false},{"title":"javascripts","children":[{"title":".keep 0B ","children":null,"spread":false}],"spread":false}],"spread":false}],"spread":false}],"spread":false},{"title":"metasploit.rb 0B ","children":null,"spread":false},{"title":"exploit.rb 859B ","children":null,"spread":false}],"spread":true}],"spread":true}]

评论信息

其他资源

免责申明

【只为小站】的资源来自网友分享，仅供学习研究，请务必在下载后24小时内给予删除，不得用于其他任何用途，否则后果自负。基于互联网的特殊性，【只为小站】无法对用户传输的作品、信息、内容的权属或合法性、合规性、真实性、科学性、完整权、有效性等进行实质审查；无论【只为小站】经营者是否已进行审查，用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。
本站所有资源不代表本站的观点或立场，基于网友分享，根据中国法律《信息网络传播权保护条例》第二十二条之规定，若资源存在侵权或相关问题请联系本站客服人员，zhiweidada#qq.com，请把#换成@，本站将给予最大的支持与配合，做到及时反馈和处理。关于更多版权及免责申明参见版权及免责申明

CVE-2020-8163:CVE-2020-8163-在Rails中远程执行用户提供的本地名称的代码

文件下载

资源详情

评论信息

其他资源

免责申明

个人信息

相关资源标签

热门下载

最新下载