7 matches found
SUSE CVE-2020-8167
A CSRF vulnerability exists in rails = 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
SUSE: Security Advisory (SUSE-SU-2020:3147-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4766-1 : rails - security update
Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information leaks, code execution, cross-site request forgery or bypass of upload limits. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities - Linux
Ruby on Rails is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...
CVE-2020-8167
The CVE-2020-8167 issue is a CSRF vulnerability in Rails UJS (Rails UJS) affecting Rails up to 6.0.3. If an attacker can control the href of a link or the action of a form, they can cause the CSRF token to be sent to a cross‑origin URL, potentially leaking tokens. Remediation: upgrade Rails to Ra...
CVE-2020-8167
A CSRF vulnerability exists in rails = 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)
Ruby on Rails blog : Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes : CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible...