Risk | High |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2020-8162 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 CVE-2020-8167 CVE-2020-15169 |
CWE-ID | CWE-20 CWE-200 CWE-502 CWE-352 CWE-79 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
Vulnerable software Subscribe |
rails (Debian package) Operating systems & Components / Operating system package or component |
Vendor | Debian |
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU28240
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-8162
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in ActiveStorage's S3 adapter. A remote attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server and perform a denial of service (DoS) attack.
MitigationUpdate rails package to version 2:5.2.2.1+dfsg-1+deb10u2.
Vulnerable software versionsrails (Debian package): 5.2.2.1+dfsg-1+deb10u1
http://www.debian.org/security/2020/dsa-4766
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU28243
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-8164
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the return value of "each", or "each_value", or "each_pair" will return the underlying "untrusted" hash of data that was read from the parameters. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationUpdate rails package to version 2:5.2.2.1+dfsg-1+deb10u2.
Vulnerable software versionsrails (Debian package): 5.2.2.1+dfsg-1+deb10u1
http://www.debian.org/security/2020/dsa-4766
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU28239
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-8165
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data in the "MemCacheStore" and "RedisCacheStore". A remote attacker can pass specially crafted data to the application using the "raw: true" parameter and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate rails package to version 2:5.2.2.1+dfsg-1+deb10u2.
Vulnerable software versionsrails (Debian package): 5.2.2.1+dfsg-1+deb10u1
http://www.debian.org/security/2020/dsa-4766
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU28244
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-8166
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin in the "authenticity_token" meta tag. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationUpdate rails package to version 2:5.2.2.1+dfsg-1+deb10u2.
Vulnerable software versionsrails (Debian package): 5.2.2.1+dfsg-1+deb10u1
http://www.debian.org/security/2020/dsa-4766
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU28241
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-8167
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
This is a regression of CVE-2015-1840.
MitigationUpdate rails package to version 2:5.2.2.1+dfsg-1+deb10u2.
Vulnerable software versionsrails (Debian package): 5.2.2.1+dfsg-1+deb10u1
http://www.debian.org/security/2020/dsa-4766
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU46724
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-15169
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Action View's translation helpers. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate rails package to version 2:5.2.2.1+dfsg-1+deb10u2.
Vulnerable software versionsrails (Debian package): 5.2.2.1+dfsg-1+deb10u1
http://www.debian.org/security/2020/dsa-4766
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?