CVE-2020-8167
gem/rails
Cross-Site Request Forgery (CSRF)
A CSRF vulnerability exists in Rails' rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
All versions before 5.2.4.3, all versions starting from 6.0.0 before 6.0.3.1
Upgrade to versions 5.2.4.3, 6.0.3.1 or above.
2020-06-25
source |