CVE-2019-5420

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
Configurations

Configuration 1

cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Information

Published : 2019-03-27 02:29

Updated : 2021-11-03 06:19


NVD link : CVE-2019-5420

Mitre link : CVE-2019-5420

Products Affected
No products.
CWE