What the vulnerability does

01Description

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

Key dates

02Disclosure timeline

July 2, 2020 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE