Bug 732646

Summary: <dev-ruby/rails-6.0.3.2: Denial of service vulnerability (CVE-2020-8185)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: ruby
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=692324
Whiteboard: ~3 [cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-07-14 21:40:11 UTC
CVE-2020-8185 (https://nvd.nist.gov/vuln/detail/CVE-2020-8185):
  A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an
  untrusted user to run any pending migrations on a Rails app running in
  production.

Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-14 21:42:15 UTC
"Versions Affected: 6.0.0 < rails < 6.0.3.2
Not affected: Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)
Fixed Versions: rails >= 6.0.3.2"

So, actually, we're not affected by this. Already clean.