Use of Insufficiently Random Values
CVE-2019-5420
Summary
A remote code execution vulnerability in development mode Rails 5.2.0 before 5.2.2.1 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-330 - Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
References
Advisory Timeline
- Published