Description
Rails versions <5.2.2.1 and <6.0.0.beta3 contain a remote code execution vulnerability when run in development mode: an attacker may be able to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
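The two version bounds in the description are separate ranges, so a single "less than 6.0.0.beta3" comparison would also flag patched 5.2.x releases. The following is an added example, not code from Rails or from this advisory: it checks a Gemfile.lock for rails/railties versions inside either range. The helper names and the sample lockfile are assumptions constructed for illustration.

```ruby
require "rubygems" # Gem::Version orders prerelease versions correctly

# Version bounds taken from the description above.
FIXED_5X = Gem::Version.new("5.2.2.1")
FIXED_6X = Gem::Version.new("6.0.0.beta3")

# True when a version falls in either affected range from the description.
# The 6.0.0 prereleases are their own branch so patched 5.2.x is not flagged.
def affected?(version_string)
  v = Gem::Version.new(version_string)
  return true if v < FIXED_5X
  v.prerelease? && v.release == Gem::Version.new("6.0.0") && v < FIXED_6X
end

# Returns [gem, version] pairs for resolved rails/railties entries in a
# Gemfile.lock that are affected. Resolved specs are indented four spaces;
# dependency constraints (six spaces, "= x.y.z") are ignored.
def affected_rails_gems(lockfile_text)
  lockfile_text.scan(/^ {4}(rails|railties) \(([^)\s]+)\)$/)
               .select { |_name, version| affected?(version) }
end

# Constructed sample lockfile fragment (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (6.0.0.beta1)
        railties (= 6.0.0.beta1)
      railties (6.0.0.beta1)
        actionpack (= 6.0.0.beta1)
LOCK

if __FILE__ == $PROGRAM_NAME
  affected_rails_gems(SAMPLE_LOCK).each do |name, version|
    puts "#{name} #{version} is in the affected range"
  end
end
```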
Remediation
References