CVE-2020-8167

Summary

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

Affected Software

VendorProductVersion RangeStatus
n/ahttp://github.com/rails/railsFixed in 5.2.4.3, 6.0.3.1affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF) (CWE-352)

ADP Enrichment

CVE Program Container

Additional References

References