VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-kzh6-upd9-9fdk

Essentials
Severities (14)
References (6)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kzh6-upd9-9fdk
Aliases	CVE-2020-5257 GHSA-2p5p-m353-833w
Summary
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-943

Improper Neutralization of Special Elements in Data Query Logic

System	Score	Found at
epss	0.00186	https://api.first.org/data/v1/epss?cve=CVE-2020-5257
cvssv3	7.7	https://github.com/advisories/GHSA-2p5p-m353-833w
cvssv3.1	7.7	https://github.com/advisories/GHSA-2p5p-m353-833w
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-2p5p-m353-833w
generic_textual	HIGH	https://github.com/advisories/GHSA-2p5p-m353-833w
cvssv3.1	7.7	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/administrate/CVE-2020-5257.yml
generic_textual	HIGH	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/administrate/CVE-2020-5257.yml
cvssv3.1	7.7	https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3
generic_textual	HIGH	https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3
cvssv3.1	7.7	https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w
cvssv3.1_qr	HIGH	https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w
generic_textual	HIGH	https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w
cvssv3.1	7.7	https://nvd.nist.gov/vuln/detail/CVE-2020-5257
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2020-5257

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2020-5257
		https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3
CVE-2020-5257		https://nvd.nist.gov/vuln/detail/CVE-2020-5257
CVE-2020-5257.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/administrate/CVE-2020-5257.yml
GHSA-2p5p-m353-833w		https://github.com/advisories/GHSA-2p5p-m353-833w
GHSA-2p5p-m353-833w		https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/advisories/GHSA-2p5p-m353-833w

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/administrate/CVE-2020-5257.yml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-5257

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.40197
EPSS Score	0.00186
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T22:05:04.244600+00:00	EPSS Importer	Import	https://epss.cyentia.com/epss_scores-current.csv.gz	38.6.0