CVE-2020-8167

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8167

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8167.json

Aliases

• GHSA-xq5j-gw7f-jgj8

Related

• DSA-4766-1

Published

2020-06-19T18:15:11Z

Modified

2023-11-29T08:37:14.010127Z

Details

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

References

• https://www.debian.org/security/2020/dsa-4766
• https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
• https://hackerone.com/reports/189878