|Category:||Web application abuses|
|Title:||Ruby on Rails < 5.2.5, 6.x < 6.0.4 CSRF Vulnerability|
|Summary:||Ruby on Rails is prone to a cross-site request forgery (CSRF) vulnerability.|
Ruby on Rails is prone to a cross-site request forgery (CSRF) vulnerability.
An attacker can use a global CSRF token,
as can be found in the authenticity_token meta tag, to forge form-specific CSRF tokens.
Successful exploitation would allow an authenticated attacer
to perform actions in the context of another user.
Ruby on Rails through version 5.2.4 and versions 6.0.0 through 6.0.3.
Update to version 5.2.5 or 6.0.4 respectively.
Common Vulnerability Exposure (CVE) ID: CVE-2020-8166|
Debian Security Information: DSA-4766 (Google Search)
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.