Lucene search
+L

5 matches found

hackerone
hackerone
added 2020/06/21 2:15 a.m.204 views

Ruby on Rails: Open Redirect (6.0.0 < rails < 6.0.3.2)

Hello, I was looking at the change log https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2 for CVE-2020-8185 and found another problem existed. https://github.com/rails/rails/blob/v6.0.3.1/actionpack/lib/actiondispatch/middleware/actionableexceptions.rbL21 ruby redirect...

4.3CVSS6.5AI score0.70717EPSS
Exploits1
prion
prion
added 2020/06/19 6:15 p.m.27 views

Deserialization of untrusted data

A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...

7.5CVSS9.2AI score0.45732EPSS
Exploits5References8Affected Software3
osv
osv
added 2020/06/19 5:15 p.m.4 views

DEBIAN-CVE-2020-8162

A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...

7.5CVSS6.9AI score0.03065EPSS
Exploits1References1
osv
osv
added 2020/05/26 3:9 p.m.42 views

GHSA-M42X-37P3-FV5W Circumvention of file size limits in ActiveStorage

There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...

7.5CVSS6.5AI score0.03065EPSS
Exploits1References8
rubygems
rubygems
added 2020/05/18 12:0 a.m.159 views

Circumvention of file size limits in ActiveStorage

There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...

7.5CVSS3.5AI score0.03065EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder