Identifier

CVE-2020-8167

Package Slug

gem/rails

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A CSRF vulnerability exists in Rails' rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

Affected Versions

All versions up to 6.0.3

Solution

Upgrade to version 6.0.3.1 or above.

Last Modified

2020-06-25

source