Description

In development mode, Ruby on Rails application uses an application name as the secret_key_base. It allows an attacker to set a valid signature for a serialized payload to ActiveStorage component. During the deserialization process, ActiveStorage executes arbitrary commands in OS.

Remediation

Upgrade to the latest version of Ruby on Rails

References

Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization

Related Vulnerabilities

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1524)

Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-33816)

PHP Out-of-bounds Write Vulnerability (CVE-2021-21704)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5406)

Python Incorrect Type Conversion or Cast Vulnerability (CVE-2020-10735)

Severity

High

Classification

CVE-2019-5420 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Acumonitor Code Execution Insecure Deserialization Known Vulnerabilities