PT-2020-20009 · Ruby On Rails · Rails

Published: 2020-06-24 · Updated: 2025-09-29 · CVE-2020-8185

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Rails versions prior to 6.0.3.2

Description: A denial of service issue exists that allows an untrusted user to run any pending migrations on a Rails app running in production. An attacker can trigger migrations that are pending for a Rails app in production mode, although they are limited to running migrations already defined by the application developer and ones that have not already run.

Recommendations: For versions prior to 6.0.3.2, update to Rails version 6.0.3.2 or later to resolve the issue. As a temporary workaround, disable the ActionDispatch middleware in the production environment by adding the line config.middleware.delete ActionDispatch::ActionableExceptions to the config/environments/production.rb file.

Exploit · Fix · DoS

Weakness Enumeration: Improper Authorization, Resource Exhaustion

Related Identifiers

ALSA-2025_16880
ALT-PU-2021-2595
ALT-PU-2023-4268
ALT-PU-2024-7814
BDU:2025-08594
CVE-2020-8185
GHSA-C6QR-H5VQ-59JC
OPENSUSE-SU-2020:1993-1
OPENSUSE-SU-2020:2000-1
OPENSUSE-SU-2020_1993-1
OPENSUSE-SU-2020_2000-1
OPENSUSE-SU-2024:10589-1
OPENSUSE-SU-2024:11318-1
OPENSUSE-SU-2024:11321-1
OPENSUSE-SU-2024:11821-1
OPENSUSE-SU-2024:11823-1
RHSA-2021:1313
SUSE-SU-2020:3036-1
SUSE-SU-2020:3147-1
SUSE-SU-2020:3160-1

Affected Products

ALT Linux
Rails
RED OS
SUSE