Security Advisory

CVE-2019-5420

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-03-27 13:48:13
Last updated 2024-08-04 19:54:53
Assigner hackerone
State PUBLISHED

Description

A remote code execution vulnerability in Rails <5.2.2.1 and <6.0.0.beta3, when running in development mode, can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.