CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.725 High
Percentile: 98.0%
Ruby on Rails blog:
Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can.
Both releases contain the following fixes:
- CVE-2020-8162: Circumvention of file size limits in ActiveStorage
- CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack
- CVE-2020-8165: Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
- CVE-2020-8166: Ability to forge per-form CSRF tokens given a global CSRF token
- CVE-2020-8167: CSRF Vulnerability in rails-ujs
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | rubygem-actionpack52 | < 5.2.4.3 | UNKNOWN |
FreeBSD | any | noarch | rubygem-actionview52 | < 5.2.4.3 | UNKNOWN |
FreeBSD | any | noarch | rubygem-activestorage52 | < 5.2.4.3 | UNKNOWN |
FreeBSD | any | noarch | rubygem-activesupport52 | < 5.2.4.3 | UNKNOWN |
FreeBSD | any | noarch | rubygem-actionpack60 | < 6.0.3.1 | UNKNOWN |
FreeBSD | any | noarch | rubygem-actionview60 | < 6.0.3.1 | UNKNOWN |
FreeBSD | any | noarch | rubygem-activestorage60 | < 6.0.3.1 | UNKNOWN |
FreeBSD | any | noarch | rubygem-activesupport60 | < 6.0.3.1 | UNKNOWN |
groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/