// For flags

CVE-2019-5420

Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

16
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

Una vulnerabilidad de ejecución remota de código en el modo de desarrollo de Rails, en versiones anteriores a la 5.2.2.1 y la 6.0.0.beta3, podría permitir que un atacante adivine el token secreto del modo de desarrollo generado automáticamente. Este token secreto puede emplearse en combinación con otros internals de Rails para escalar a un exploit de ejecución remota de código.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-04 CVE Reserved
  • 2019-03-21 First Exploit
  • 2019-03-27 CVE Published
  • 2024-08-04 CVE Updated
  • 2025-07-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-330: Use of Insufficiently Random Values
CAPEC
References (23)
URL Tag Source
https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw X_refsource_confirm
https://hackerone.com/reports/473888
https://github.com/mpgn/Rails-doubletap-RCE
https://groups.google.com/forum/#!searchin/rubyonrails-security/CVE-2019-5420/rubyonrails-security/IsQKvDqZdKw/UYgRCJz2CgAJ
https://www.zerodayinitiative.com/blog/2019/6/20/remote-code-execution-via-ruby-on-rails-active-storage-insecure-deserialization
URL Date SRC
https://packetstorm.news/files/id/152704 2019-05-01
https://www.exploit-db.com/exploits/46785 2024-08-04
https://github.com/knqyf263/CVE-2019-5420 2019-03-21
https://github.com/j4k0m/CVE-2019-5420 2021-09-07
https://github.com/laffray/ruby-RCE-CVE-2019-5420- 2022-07-02
https://github.com/scumdestroy/CVE-2019-5420.rb 2021-05-11
https://github.com/trickstersec/CVE-2019-5420 2022-03-14
https://github.com/Eremiel/CVE-2019-5420 2021-01-20
https://github.com/PenTestical/CVE-2019-5420 2022-06-06
https://github.com/AnasTaoutaou/CVE-2019-5420 2021-01-11
https://github.com/CyberSecurityUP/CVE-2019-5420-POC 2022-01-30
https://github.com/mmeza-developer/CVE-2019-5420-RCE 2021-11-06
https://github.com/cved-sources/cve-2019-5420 2021-04-15
https://github.com/WildWestCyberSecurity/cve-2019-5420-POC 2025-02-10
https://github.com/sealldeveloper/CVE-2019-5420-PoC 2025-04-25
http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html 2024-08-04
URL Date SRC
https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released 2023-11-07
URL Date SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rubyonrails
Search vendor "Rubyonrails"
 Rails
Search vendor "Rubyonrails" for product "Rails"
 < 5.2.2.1
Search vendor "Rubyonrails" for product "Rails" and version " < 5.2.2.1"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
 Rails
Search vendor "Rubyonrails" for product "Rails"
 6.0.0
Search vendor "Rubyonrails" for product "Rails" and version "6.0.0"
beta1
Affected
Rubyonrails
Search vendor "Rubyonrails"
 Rails
Search vendor "Rubyonrails" for product "Rails"
 6.0.0
Search vendor "Rubyonrails" for product "Rails" and version "6.0.0"
beta2
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 30
Search vendor "Fedoraproject" for product "Fedora" and version "30"
-
Affected