Vulnerability CVE-2020-8185: Information

Description

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Published: July 2, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-400

Fixed packages

Package name | Branch   | Fixed in version | Version from repository | Errata ID          | Task # | State
gem-rails    | sisyphus | 6.1.3.2-alt1     | 6.1.7.1-alt1.2          | ALT-PU-2021-2595-1 | 263530 | Fixed
gem-rails    | p10      | 6.1.7.1-alt1.1   | 6.1.7.1-alt1.2          | ALT-PU-2023-4268-4 | 307833 | Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://hackerone.com/reports/899069
  • Permissions Required
  • Third Party Advisory
https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
  • Mailing List
  • Patch
  • Third Party Advisory
FEDORA-2020-4dd34860a3
Configuration 1

cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
Start including: 6.0.0
End excluding: 6.0.3.2

Configuration 2

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*