CVE-2020-8167

CVE-2020-8167

gem/rails

Cross-Site Request Forgery (CSRF)

A CSRF vulnerability exists in Rails' rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

All versions before 5.2.4.3, all versions starting from 6.0.0 before 6.0.3.1

Upgrade to versions 5.2.4.3, 6.0.3.1 or above.

2020-06-25