Описание
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| rails | fixed | 6.0.3.2+dfsg-1 | experimental | package |
| rails | not-affected | package |
Примечания
https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
Связанные уязвимости
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Untrusted users can run pending migrations in production in Rails
Уязвимость программной платформы Ruby on Rails, связанная с неправильной авторизацией, позволяющая нарушителю вызвать отказ в обслуживании