CVE-2019-5420

by Fred · 27/03/2019

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. Date published : 2019-03-27 https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

CVE-2019-5420

Similar

Recent Posts

Categories

CVE-2019-5420

Share this:

Similar

Recent Posts

Categories

Tags