Identifier

CVE-2020-8166

Package Slug

gem/rails

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A CSRF vulnerability exists in Rails that allows an attacker who holds a global CSRF token, such as the one present in the authenticity_token meta tag, to forge a per-form CSRF token.

Affected Versions

All versions before 5.2.4.3, all versions starting from 6.0.0 before 6.0.3.1

Solution

Upgrade to versions 5.2.4.3, 6.0.3.1 or above.
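To check whether a project is pinned inside the affected ranges, the following added example (not part of the advisory or of Rails itself) reads the resolved `rails` version from `Gemfile.lock` text and compares it against the ranges listed above. The names `AFFECTED_RANGES`, `locked_rails_version`, `affected?` and `audit` are hypothetical, the lockfile is a constructed sample, and the `:review` result for pre-release versions outside the stated ranges is an assumption, since the advisory does not mention pre-releases.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Affected ranges exactly as this advisory states them for the rails gem.
AFFECTED_RANGES = [
  Gem::Requirement.new("< 5.2.4.3"),
  Gem::Requirement.new(">= 6.0.0", "< 6.0.3.1")
].freeze

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (6.0.3)
        actionpack (= 6.0.3)
      rails-dom-testing (2.0.3)

  DEPENDENCIES
    rails (~> 6.0.3)
LOCK

# Resolved specs sit four spaces deep as "name (version)". Dependency
# constraints (six spaces, or under DEPENDENCIES) and gems whose names
# merely start with "rails" are not matched.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \(([^)\s]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

def affected?(version)
  AFFECTED_RANGES.any? { |req| req.satisfied_by?(version) }
end

# Returns :affected, :not_affected, :review or :rails_not_locked.
# Pre-releases such as 6.0.0.rc1 sort below 6.0.0 and so fall outside
# both stated ranges; they are flagged for manual review (assumption).
def audit(lockfile_text)
  version = locked_rails_version(lockfile_text)
  return :rails_not_locked if version.nil?
  return :affected if affected?(version)
  version.prerelease? ? :review : :not_affected
end

puts "rails #{locked_rails_version(SAMPLE_LOCK)}: #{audit(SAMPLE_LOCK)}"
```

In a real project, pass `File.read("Gemfile.lock")` to `audit` in place of the sample.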

Last Modified

2020-07-21
