Description
A remote code execution vulnerability in Rails <5.2.2.1 and <6.0.0.beta3, when running in development mode, can allow an attacker to guess the automatically generated development-mode secret token. This secret token can be used in combination with other Rails internals to escalate to remote code execution.
Remediation
References