CVE-2020-8166

Published: Jul 2, 2020

Modified: Apr 28, 2026

PUBLISHED

Description

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

Vendor: n/a

Product: https://github.com/rails/rails

Versions: affected; fixed in 5.2.4.3, 6.0.3.1

Weaknesses (CWE)

References
