10 matches found
openSUSE Security Advisory (SUSE-SU-2024:0103-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:0103-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF bsc1172182...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:0103-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0103-1 advisory. - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF bsc1172182. Tenable has extracted the preceding descripti...
SUSE: Security Advisory (SUSE-SU-2020:3147-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8166).
Summary There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool. Vulnerability Details CVEID: CVE-2020-8166 DESCRIPTION: Ruby on Rails is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by authenticitytoken meta tag. By...
Debian DSA-4766-1 : rails - security update
Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information leaks, code execution, cross-site request forgery or bypass of upload limits. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Rails
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Rails. Vulnerability Details CVEID: CVE-2020-8163 DESCRIPTION: Rails could allow a remote attacker to execute arbitrary code on the system, caused by a code injection vulnerability. By sending a specially...
CVE-2020-8166
CVE-2020-8166 is a CSRF forgery vulnerability in Ruby on Rails (affecting Rails < 5.2.5 and Rails
CVE-2020-8166
A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token...
FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)
Ruby on Rails blog : Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes : CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible...