I didn't find a short answer to my question: CVE-2019-16201 was a vulnerability in WEBrick on Ruby; was Ruby on Rails affected by this vulnerability as well?
I say yes because I found that Ruby on Rails used WEBrick, as mentioned here.
I say no because in CVE-2019-16201 I don't find any reference to Ruby on Rails, and I believe that this vulnerability was crucial and must have been mentioned here.
I hope the answer is yes, because I have to reproduce this vulnerability in an environment, and it would be easier to do so, I believe, using Ruby on Rails.
Thanks to all of you.
CodePudding user response:
Please note that this is not a Rails vulnerability but rather a vulnerability in the WEBrick library that ships with Ruby (Rails is not a requirement to use this library).
So if your Rails application is:
- using WEBrick as its HTTP server; and
- running on one of the affected versions; and
- using digest authentication provided by WEBrick
Then I would say yes, the Rails application is vulnerable.