exploitDog

CVE-2019-5420

Published: 27 Mar 2019
Source: debian
EPSS: Critical

Description

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

Packages

Package | Status       | Fixed version      | Release | Type
rails   | fixed        | 2:5.2.2.1+dfsg-1   |         | package
rails   | not-affected |                    | stretch | package
rails   | not-affected |                    | jessie  | package

Notes

  • https://www.openwall.com/lists/oss-security/2019/03/13/3

  • Introduced in https://github.com/rails/rails/commit/69f976b859cae7f9d050152103da018b7f5dda6d

EPSS

Percentile: 100%
Score: 0.93102
Critical

Related vulnerabilities

CVSS3: 9.8
ubuntu
almost 7 years ago

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

CVSS3: 8.1
redhat
almost 7 years ago

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

CVSS3: 9.8
nvd
almost 7 years ago

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

CVSS3: 9.8
github
almost 7 years ago

Use of Insufficiently Random Values in Railties Allows Remote Code Execution

CVSS3: 8.1
fstec
almost 7 years ago

A vulnerability in the Ruby on Rails software platform, related to errors in the pseudo-random number generator code, that allows an attacker to execute arbitrary code
