Description
A denial-of-service vulnerability exists in Rails <6.0.3.2 that allows an untrusted user to run any pending migrations on a Rails app running in production.
Remediation
References
Related Vulnerabilities
Contao Improper Encoding or Escaping of Output Vulnerability (CVE-2019-19714)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-13760)
WordPress Plugin Social Rocket-Social Sharing Cross-Site Request Forgery (1.2.9)
GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3239)
WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Local File Inclusion (1.1.13)