CVE-2020-8167.yml
---
gem: actionview
framework: rails
cve: 2020-8167
ghsa: xq5j-gw7f-jgj8
url: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
title: CSRF Vulnerability in rails-ujs
date: 2020-05-18
description: |
  There is a vulnerability in rails-ujs that allows attackers to send
  CSRF tokens to wrong domains.

  Versions Affected: rails <= 6.0.3
  Not affected: Applications which don't use rails-ujs.
  Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1

  Impact
  ------

  This is a regression of CVE-2015-1840.

  In the scenario where an attacker might be able to control the href attribute of an anchor tag or
  the action attribute of a form tag that will trigger a POST action, the attacker can set the
  href or action to a cross-origin URL, and the CSRF token will be sent.

  Workarounds
  -----------

  To work around this problem, change code that allows users to control the href attribute of an anchor
  tag or the action attribute of a form tag to filter the user parameters.

  For example, code like this:

      link_to params

  to code like this:

      link_to filtered_params

      def filtered_params
        # Filter just the parameters that you trust
      end
cvss_v3: 6.5
patched_versions:
  - "~> 5.2.4, >= 5.2.4.3"
  - ">= 6.0.3.1"
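One concrete way to implement the filtering the Workarounds section leaves as a stub: reject any user-controlled href that is not relative or on the application's own origin before it reaches `link_to` with a POST method, so rails-ujs never attaches the CSRF token to a cross-origin request. This is an added example, not code from the advisory or from rails-ujs; the application origin and the `same_origin_href?` / `filtered_href` names are assumptions.

```ruby
require "uri"

# Constructed: the application's own origin (scheme, host and port). Replace
# with the real one, e.g. from request.base_url in a Rails helper.
APP_ORIGIN = "https://app.example.test"

# True when raw_href would load from the application's origin in a browser:
# either a relative path ("/orders/1") or an absolute URL whose scheme, host
# and port all match APP_ORIGIN. Anything else (other hosts, other schemes,
# protocol-relative "//host/...", javascript:/mailto:, unparsable input)
# is rejected.
def same_origin_href?(raw_href, app_origin = APP_ORIGIN)
  href = raw_href.to_s.strip
  return false if href.empty?
  # Protocol-relative and backslash-prefixed forms resolve cross-origin in
  # browsers even though they have no explicit host here; refuse them early.
  return false if href.start_with?("//", "/\\", "\\")

  uri = URI.parse(href)
  origin = URI.parse(app_origin)
  # A plain path has neither scheme nor host: it is same-origin by definition.
  return true if uri.scheme.nil? && uri.host.nil?
  # Absolute URLs must match exactly; URI fills in default ports (443/80), so
  # "https://app.example.test:443/x" compares equal to the origin.
  uri.scheme == origin.scheme && uri.host == origin.host && uri.port == origin.port
rescue URI::InvalidURIError
  false
end

# What the advisory's `filtered_params` would return for the href: the
# user-supplied value only when it is same-origin, otherwise a safe fallback
# chosen by the caller ("/" here).
def filtered_href(raw_href, fallback: "/")
  same_origin_href?(raw_href) ? raw_href : fallback
end
```

In a view this replaces `link_to params` with `link_to filtered_href(params[:href]), method: :post`, the shape the advisory recommends.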