VYPR
Critical severity9.8NVD Advisory· Published Mar 27, 2019· Updated Jun 17, 2026

CVE-2019-5420

CVE-2019-5420

Description

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
railtiesRubyGems
>= 5.2.0, < 5.2.2.15.2.2.1

Affected products

13

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.