Page 6 of 119 results (0.003 seconds)

CVSS: 8.8EPSS: 96%CPEs: 2EXPL: 5

CVE-2020-8163 – Rails 5.0.1 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2020-8163

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. Se trata de una vulnerabilidad de inyección de código en versiones de Rails anteriores a 5.0.1, que permitiría a un atacante que controlara el argumento "locals" de una llamada "render" para realizar un RCE • https://www.exploit-db.com/exploits/48716 https://github.com/lucasallan/CVE-2020-8163 https://github.com/h4ms1k/CVE-2020-8163 https://github.com/TK-Elliot/CVE-2020-8163 http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0 https://hackerone.com/reports/304805 https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-8185 – rubygem-rails: untrusted users able to run pending migrations in production

https://notcve.org/view.php?id=CVE-2020-8185

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. Se presenta una vulnerabilidad de denegación de servicio en Rails versiones anteriores a 6.0.3.2, que permitió a un usuario no confiable ejecutar cualquier migración pendiente en una aplicación Rails que se ejecuta en producción • https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 https://hackerone.com/reports/899069 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB https://access.redhat.com/security/cve/CVE-2020-8185 https://bugzilla.redhat.com/show_bug.cgi?id=1852380 • CWE-250: Execution with Unnecessary Privileges CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2020-8167 – rubygem-actionview: CSRF vulnerability in rails-ujs

https://notcve.org/view.php?id=CVE-2020-8167

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. Se presenta una vulnerabilidad de tipo CSRF en el módulo rails versiones anteriores a 6.0.3 incluyéndola, rails-ujs que podría permitir a atacantes enviar tokens CSRF a dominios incorrectos A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity. • https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0 https://hackerone.com/reports/189878 https://www.debian.org/security/2020/dsa-4766 https://access.redhat.com/security/cve/CVE-2020-8167 https://bugzilla.redhat.com/show_bug.cgi?id=1843084 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 66%CPEs: 7EXPL: 7

CVE-2020-8165 – rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

https://notcve.org/view.php?id=CVE-2020-8165

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. Se presenta una vulnerabilidad de deserialización de datos no confiables en rails versiones anteriores a 5.2.4.3, rails versiones anteriores a 6.0.3.1, que puede permitir a un atacante desarmar los objetos proporcionados por el usuario en MemCacheStore y RedisCacheStore, lo que podría generar un RCE A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the `raw: true` parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/masahiro331/CVE-2020-8165 https://github.com/hybryx/CVE-2020-8165 https://github.com/progfay/CVE-2020-8165 https://github.com/AssassinUKG/CVE-2020-8165 https://github.com/taipansec/CVE-2020-8165 https://github.com/umiterkol/CVE-2020-8165--Auto-Shell http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c ht • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2020-8164 – rubygem-actionpack: possible strong parameters bypass

https://notcve.org/view.php?id=CVE-2020-8164

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. Se presenta una vulnerabilidad de deserialización de datos no confiables en rails versiones anteriores a 5.2.4.3, rails versiones anteriores a 6.0.3.1, que pueden permitir a un atacante suministrar información en la que pueden ser filtrados inadvertidamente parámetros fromStrong A flaw was found in rubygem-actionpack. Untrusted hashes of data is possible for values of `each`, `each_value`, and `each_pair` which can lead to cases of user supplied information being leaked from Strong Parameters. Applications that use these hashes may inadvertently use untrusted user input. The highest risk from this vulnerability is to data confidentiality. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY https://hackerone.com/reports/292797 https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html https://www.debian.org/security/2020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •