16 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-8185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability exists in Rails 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production...
SUSE: Security Advisory (SUSE-SU-2020:3147-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for rubygem-image_processing (FEDORA-2020-4dd34860a3)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-actionmailbox (FEDORA-2020-4dd34860a3)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-actionmailer (FEDORA-2020-4dd34860a3)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-railties (FEDORA-2020-4dd34860a3)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-actioncable (FEDORA-2020-4dd34860a3)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Rails
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Rails. Vulnerability Details CVEID: CVE-2020-8163 DESCRIPTION: Rails could allow a remote attacker to execute arbitrary code on the system, caused by a code injection vulnerability. By sending a specially...
Ruby on Rails < 6.0.3.2 DoS Vulnerability
Ruby on Rails is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2020-8185
A denial of service vulnerability exists in Rails 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production...
CVE-2020-8185
CVE-2020-8185 is associated with Rails, and connected documents show mitigation via Rails upgrade to 6.0.3.3 in openSUSE/SUSE advisories, after the affected
Untrusted users can run pending migrations in production in Rails
There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. This vulnerability has been assigned the CVE identifier CVE-2020-8185. Versions Affected: 6.0.0 = 6.0.3.2 Impact ------ Using this issu...
GHSA-C6QR-H5VQ-59JC Untrusted users can run pending migrations in production in Rails
There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. This vulnerability has been assigned the CVE identifier CVE-2020-8185. Versions Affected: 6.0.0 = 6.0.3.2 Impact ------ Using this issu...
Ruby on Rails: Open Redirect (6.0.0 < rails < 6.0.3.2)
Hello, I was looking at the change log https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2 for CVE-2020-8185 and found another problem existed. https://github.com/rails/rails/blob/v6.0.3.1/actionpack/lib/actiondispatch/middleware/actionableexceptions.rbL21 ruby redirect...
Untrusted users able to run pending migrations in production
There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. This vulnerability has been assigned the CVE identifier CVE-2020-8185. Versions Affected: 6.0.0 = 6.0.3.2 Impact ------ Using this issu...
Rails -- permission vulnerability
Ruby on Rails blog: Rails 6.0.3.2 has been released! This version of Rails contains an important security patch, and you should upgrade! The release contains only one patch that addresses CVE-2020-8185...