vulnerability

FreeBSD: VID-85FCA718-99F6-11EA-BF1D-08002728F74C (CVE-2020-8162): Rails -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	2020-05-18	2020-05-20	2020-10-20

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

2020-05-18

Added

2020-05-20

Modified

2020-10-20

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-85FCA718-99F6-11EA-BF1D-08002728F74C:

Ruby on Rails blog:

Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can.

Both releases contain the following fixes:

CVE-2020-8162: Circumvention of file size limits in ActiveStorage

CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack

CVE-2020-8165: Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

CVE-2020-8166: Ability to forge per-form CSRF tokens given a global CSRF token

CVE-2020-8167: CSRF Vulnerability in rails-ujs

Solution(s)

freebsd-upgrade-package-rubygem-actionpack52freebsd-upgrade-package-rubygem-actionpack60freebsd-upgrade-package-rubygem-actionview52freebsd-upgrade-package-rubygem-actionview60freebsd-upgrade-package-rubygem-activestorage52freebsd-upgrade-package-rubygem-activestorage60freebsd-upgrade-package-rubygem-activesupport52freebsd-upgrade-package-rubygem-activesupport60

References

NVD-CVE-2020-8162

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today