Description
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
Report
This issue did not affect the versions of rh-ror42-rubygem-rails and rh-ror50-rubygem-rails as shipped with Red Hat Software Collections.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Software Collections | rh-ror42-rubygem-rails | Not affected | | |
| Red Hat Software Collections | rh-ror50-rubygem-rails | Not affected | | |
Additional information
Status:
8.1 High
CVSS3
Related vulnerabilities
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
A remote code execution vulnerability in development mode Rails <5.2.2 ...
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
A vulnerability in the Ruby on Rails software platform, caused by errors in the pseudorandom number generator code, that allows an attacker to execute arbitrary code