What is the vulnerability ID for the CSRF vulnerability in rails-ujs?

The vulnerability ID for the CSRF vulnerability in rails-ujs is CVE-2020-8167.

What is the affected version of rails-ujs?

The affected version of rails-ujs is <= 6.0.3.

How can attackers exploit the CSRF vulnerability in rails-ujs?

Attackers can exploit the CSRF vulnerability in rails-ujs by sending CSRF tokens to wrong domains.

Which versions of rails fix the CSRF vulnerability in rails-ujs?

The versions rails >= 5.2.4.3 and rails >= 6.0.3.1 fix the CSRF vulnerability in rails-ujs.

What is the impact of the CSRF vulnerability in rails-ujs?

The CSRF vulnerability in rails-ujs can lead to Cross-Site Request Forgery attacks.

Vulnerability/
CVE-2020-8167

medium

6.5

CWE

352

19/6/2020

7/7/2020

4/8/2024

CVE-2020-8167: CSRF

Q: How can attackers exploit the CSRF vulnerability in rails-ujs?

Attackers can exploit the CSRF vulnerability in rails-ujs by sending CSRF tokens to wrong domains.

Q: Which versions of rails fix the CSRF vulnerability in rails-ujs?

The versions rails >= 5.2.4.3 and rails >= 6.0.3.1 fix the CSRF vulnerability in rails-ujs.

First published: Fri Jun 19 2020(Updated: )

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Rubyonrails Rails	<5.2.4.3
Rubyonrails Rails	>=6.0.0<6.0.3.1
Debian Debian Linux	=10.0
debian/rails		2:5.2.2.1+dfsg-1+deb10u3 2:5.2.2.1+dfsg-1+deb10u5 2:6.0.3.7+dfsg-2+deb11u2 2:6.1.7.3+dfsg-1 2:6.1.7.3+dfsg-2

Remedy

https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for the CSRF vulnerability in rails-ujs?
The vulnerability ID for the CSRF vulnerability in rails-ujs is CVE-2020-8167.
What is the affected version of rails-ujs?
The affected version of rails-ujs is <= 6.0.3.
How can attackers exploit the CSRF vulnerability in rails-ujs?
Attackers can exploit the CSRF vulnerability in rails-ujs by sending CSRF tokens to wrong domains.
Which versions of rails fix the CSRF vulnerability in rails-ujs?
The versions rails >= 5.2.4.3 and rails >= 6.0.3.1 fix the CSRF vulnerability in rails-ujs.
What is the impact of the CSRF vulnerability in rails-ujs?
The CSRF vulnerability in rails-ujs can lead to Cross-Site Request Forgery attacks.

collector/github-advisory
alias/GHSA-xq5j-gw7f-jgj8
alias/CVE-2020-8167
collector/github-advisory-latest
collector/security-tracker-debian
collector/nvd-index
collector/nvd-cve
agent/author
agent/references
agent/weakness
agent/type
agent/event
agent/description
agent/last-modified-date
agent/remedy
agent/first-publish-date
agent/tags
agent/severity
agent/softwarecombine
collector/mitre-cve
source/MITRE
package-manager/rubygems
package-manager/debian
vendor/rubyonrails
canonical/rubyonrails rails
version/rubyonrails rails/6.0.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.