FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails -- remote code execution vulnerability

Affected packages
rubygem-actionview4 < 4.2.11.2

Details

VuXML ID ce6db19b-976e-11ea-93c4-08002728f74c
Discovery 2020-05-15
Entry 2020-05-16

Ruby on Rails blog:

Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant error. To address this Rails 4.2.11.3 has been released.

The original announcement for CVE-2020-8163 has a follow-up message with an updated patch if you’re unable to use the gems.

References

CVE Name CVE-2020-8163
URL https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
URL https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/