A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
References
Configurations
History
No history.
Information
Published : 2019-03-27 14:29
Updated : 2024-11-21 04:44
NVD link : CVE-2019-5420
Mitre link : CVE-2019-5420
CVE.ORG link : CVE-2019-5420
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
rubyonrails
- rails