Vulnerabilities > Rubyonrails > Rails > 5.1.6.2

DATE CVE VULNERABILITY TITLE RISK
2020-06-19 CVE-2020-8162 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
network
low complexity
rubyonrails debian CWE-434
7.5
2019-03-27 CVE-2019-5420 Use of Insufficiently Random Values vulnerability in multiple products
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token.
network
low complexity
rubyonrails debian fedoraproject CWE-330
critical
9.8