XSS in https://github.com/rails/rails

CVE-2020-8264

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute Java…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.707 (99.3th percentile)

Affected products

  • N/a https://github.com/rails/rails — versions 6.0.3.4

Frequently asked questions

What is CVE-2020-8264?
CVE-2020-8264 is a vulnerability in https://github.com/rails/rails, classified under Cross-site Scripting. Published 2021-01-06.

Is CVE-2020-8264 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.