A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
| Link | Tags |
|---|---|
| https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ | patch vendor advisory |
| https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw | |
| http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html | exploit vdb entry third party advisory |
| https://www.exploit-db.com/exploits/46785/ | exploit vdb entry third party advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/ | vendor advisory |