CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Rubyonrails: >> Rails >> 5.2.2.1 Security Vulnerabilities

CVE-2020-8167

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

CVSS Score

6.5

EPSS Score

0.006

Published

2020-06-19

CVE-2020-8162

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

CVSS Score

7.5

EPSS Score

0.015

Published

2020-06-19

CVE-2020-8164

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

CVSS Score

7.5

EPSS Score

0.08

Published

2020-06-19

Page 2

Vulnerabilities

Vulnerable Software

Rubyonrails: >> Rails >> 5.2.2.1 Security Vulnerabilities

Products

Pricing

Contact Us