Lucene search
K

7 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.4 views

SUSE CVE-2020-8167

A CSRF vulnerability exists in rails = 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...

5.4CVSS6.9AI score0.01485EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2020:3147-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.98507EPSS
Exploits40References10
Tenable Nessus
Tenable Nessus
added 2020/09/25 12:0 a.m.53 views

Debian DSA-4766-1 : rails - security update

Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information leaks, code execution, cross-site request forgery or bypass of upload limits. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

9.8CVSS6.7AI score0.45732EPSS
Exploits9References9
OpenVAS
OpenVAS
added 2020/06/29 12:0 a.m.30 views

Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities - Linux

Ruby on Rails is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

9.8CVSS7.6AI score0.45732EPSS
Exploits8References5
CVE
CVE
added 2020/06/19 5:16 p.m.215 views

CVE-2020-8167

The CVE-2020-8167 issue is a CSRF vulnerability in Rails UJS (Rails UJS) affecting Rails up to 6.0.3. If an attacker can control the href of a link or the action of a form, they can cause the CSRF token to be sent to a cross‑origin URL, potentially leaking tokens. Remediation: upgrade Rails to Ra...

6.5CVSS7.5AI score0.01485EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2020/06/19 5:16 p.m.32 views

CVE-2020-8167

A CSRF vulnerability exists in rails = 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...

6.5CVSS6.4AI score0.01485EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/05/20 12:0 a.m.37 views

FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)

Ruby on Rails blog : Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes : CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible...

9.8CVSS6.9AI score0.45732EPSS
Exploits9References12
Rows per page
Query Builder