You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. Discovery Date: 2019-05-10 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVE-2019-5420
Description: A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
Discovery Date: 2019-05-10
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score: 7.5
Exploitability score: 10.0Impact score: 6.4
Vendors
References
The text was updated successfully, but these errors were encountered: