CVE-2019-5420

Summary

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

Affected Software

VendorProductVersion RangeStatus
Railshttps://github.com/rails/rails5.2.2.1affected
Railshttps://github.com/rails/rails6.0.0.beta3affected

Weaknesses

  • CWE-77: Command Injection - Generic (CWE-77)

ADP Enrichment

CVE Program Container

Additional References

References