DEBIAN-CVE-2020-8264

DEBIAN-CVE-2020-8264 PUBLISHED CVSS 6.099999904632568 MEDIUM

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:11	rails	0, 0, 0
Debian:13	rails	0, 0, 0
Debian:14	rails	0, 0, 0
Debian:12	rails	0, 0, 0

Timeline

Jan 6, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-8264 advisory

Open in Interactive Console →