CVE-2020-8159: Path Traversal

May 12, 2020 (updated July 23, 2021)

There is a vulnerability in actionpack_page-caching that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.

References

nvd.nist.gov/vuln/detail/CVE-2020-8159

Detect and mitigate CVE-2020-8159 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →