Severity Rating: High

Software Affected:
· Rails prior to 6.0.3.2

Overview
A remote code execution vulnerability has been reported in Rails that
could allow a remote attacker to execute arbitrary code on the
targeted system.

Description
This vulnerability exists because Rails improperly handles pending
migrations when the affected application is running in production. A remote
attacker could exploit this vulnerability by executing any migrations that
are pending for a Rails application running in production mode.

Successful exploitation of this vulnerability could allow a remote attacker
to execute arbitrary code on the targeted system.
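
To find applications that still resolve a release older than the fix, a Gemfile.lock can be checked against the version given under "Software Affected". This is an added example, not code from the advisory or from Rails; the watched gem list, the function names and the sample lockfile are assumptions constructed for illustration.

```ruby
# Added example: flag Rails-family gems resolved below the fixed release.
FIXED   = Gem::Version.new("6.0.3.2")            # from "Software Affected"
WATCHED = %w[rails railties actionpack].freeze   # assumption: released in lockstep

# Returns { gem_name => version_string } for watched gems resolved in the lockfile.
def resolved_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ || line.strip.empty?
      in_specs = false # a new top-level section (DEPENDENCIES, ...) ends the specs
    elsif in_specs && (m = line.match(/\A    ([A-Za-z0-9_.-]+) \(([^)]+)\)\z/))
      # Exactly four spaces is a resolved gem; six spaces is a dependency constraint.
      versions[m[1]] = m[2] if WATCHED.include?(m[1])
    end
  end
  versions
end

# Returns the watched gems whose resolved version is older than FIXED.
def needs_update(lockfile_text)
  resolved_versions(lockfile_text).select do |_name, ver|
    Gem::Version.correct?(ver) && Gem::Version.new(ver) < FIXED
  end
end

# Constructed sample lockfile (not taken from any real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.0.3.1)
        rack (~> 2.0, >= 2.0.8)
      rack (2.2.3)
      rails (6.0.3.1)
        actionpack (= 6.0.3.1)
        railties (= 6.0.3.1)
      railties (6.0.3.1)
        actionpack (= 6.0.3.1)

  DEPENDENCIES
    rails (~> 6.0.3)
LOCK

puts needs_update(SAMPLE_LOCK).inspect if __FILE__ == $PROGRAM_NAME
```

An empty result means every watched gem in the lockfile is at or above 6.0.3.2.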

Solution:
Apply appropriate security updates as mentioned in the Rails Advisory:

Vendor Information

References

CVE Name
CVE-2020-8185


© Copyright 2020. Ud64
