cbcvebase.
CVE-2020-8167
published 2020-06-19

CVE-2020-8167: A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

Affected

11 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debianrails< rails 2:5.2.4.3+dfsg-1 (bookworm)rails 2:5.2.4.3+dfsg-1 (bookworm)
httpgithub.com_rails_rails
railsactionview>= 5.0.0 < 5.2.4.35.2.4.3
railsactionview>= 6.0.0 < 6.0.3.16.0.3.1
rubyonrailsrails< 5.2.4.35.2.4.3
rubyonrailsrails>= 0 < 2:5.2.4.3+dfsg-12:5.2.4.3+dfsg-1
rubyonrailsrails>= 0 < 2:5.2.4.3+dfsg-12:5.2.4.3+dfsg-1
rubyonrailsrails>= 0 < 2:5.2.4.3+dfsg-12:5.2.4.3+dfsg-1
rubyonrailsrails>= 0 < 2:5.2.4.3+dfsg-12:5.2.4.3+dfsg-1
rubyonrailsrails>= 6.0.0 < 6.0.3.16.0.3.1

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
ghsa5.0MEDIUM
osv6.5MEDIUM