CVE-2020-8185

Опубликовано: 02 июл. 2020

Источник: debian

EPSS Низкий

Описание

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
rails	fixed	6.0.3.2+dfsg-1	experimental	package
rails	not-affected			package

Примечания

https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0

EPSS

Процентиль: 77%

0.01071

Низкий

Связанные уязвимости

CVE-2020-8185

CVSS3: 6.5

ubuntu

около 5 лет назад

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

CVE-2020-8185

CVSS3: 7.1

redhat

около 5 лет назад

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

CVE-2020-8185

CVSS3: 6.5

nvd

около 5 лет назад

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

GHSA-c6qr-h5vq-59jc

CVSS3: 6.5

github

около 5 лет назад

Untrusted users can run pending migrations in production in Rails

ROS-20250625-03

CVSS3: 7.5

redos

25 дней назад

Множественные уязвимости rubygem-actionpack

EPSS

Процентиль: 77%

0.01071

Низкий