Closed maikypedia closed 1 year ago
Your submission is now in status Final decision.
For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed
Hi @maikypedia ,
Thanks for the submission! We have reviewed your report and validated your findings. After internally assessing the findings and the query we have determined the CVE provided in this submission is not applicable and therefore your submission is not eligible for a reward under the Bug Bounty program.
Best regards and happy hacking!
Your submission is now in status Closed.
For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed
Query PR
https://github.com/github/codeql/pull/12821
Language
Ruby
CVE(s) ID list
CWE
CWE‑94: Code Injection
Report
This query detects
render inline:
(Rails) as sink for Server Side Template Injection vulnerability, that happens when an attacker is able to inject code into the template construction which gets evaluated, leading to RCE.Using the query with MRVA I've found a Bootstrap demo app that was vulnerable (I have to say that the application was intended to render ERB), but it can be an example that it is a dangerous sink.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response