CVE-2020-8185

State: PUBLISHED · Published: 2020-07-02 · Updated: 2024-08-04 · Assigner: hackerone

Description

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

CWE

CWE-400 — Denial of Service (CWE-400)

Affected

n/a / https://github.com/rails/rails — v=Fixed in 6.0.3.2 [affected]

CVSS

(none)

References

https://hackerone.com/reports/899069 x_refsource_MISC
https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/ vendor-advisory, x_refsource_FEDORA

Source

cvelistV5-main/cves/2020/8xxx/CVE-2020-8185.json