<p>Upgrade <code>railties</code> to version 5.2.2.1 or higher.</p>

Remote Code Execution Affecting railties package, versions >=5.2.2, <5.2.2.1

Snyk CVSS

Attack Complexity High

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Mature

EPSS 96.76% (100^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-RAILTIES-173785
published 13 Mar 2019
disclosed 13 Mar 2019
credit ooooooo_q

Report a new vulnerability Found a mistake?

Introduced: 13 Mar 2019

CVE-2019-5420 Open this link in a new tab CWE-94 Open this link in a new tab

How to fix?

Upgrade railties to version 5.2.2.1 or higher.

Overview

railties is an application bootup, plugins, generators, and rake tasks.

Affected versions of this package are vulnerable to Remote Code Execution. An attacker could guess the automatically generated development mode secret token. This secret token could be used in combination with other Rails internals to escalate to a remote code execution exploit.