Vulnerability Details CVE-2020-8185
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
- https://hackerone.com/reports/899069
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
- https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
- https://hackerone.com/reports/899069
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
Products affected by CVE-2020-8185
-
cpe:2.3:a:rubyonrails:rails:6.0.0
-
cpe:2.3:a:rubyonrails:rails:6.0.1
-
cpe:2.3:a:rubyonrails:rails:6.0.2
-
cpe:2.3:a:rubyonrails:rails:6.0.2.1
-
cpe:2.3:a:rubyonrails:rails:6.0.2.2
-
cpe:2.3:a:rubyonrails:rails:6.0.3
-
cpe:2.3:a:rubyonrails:rails:6.0.3.1
-
cpe:2.3:o:fedoraproject:fedora:33