Was Ruby On Rails affected by CVE-2019-16201?

Time:10-21

I didn't find a short answer to my question. CVE-2019-16201 was a vulnerability in WEBrick on Ruby; was Ruby on Rails affected by this vulnerability as well?

I say yes because I found that Ruby on Rails used WEBrick, as mentioned here.

I say no because on CVE-2019-16201 I don't find any reference to it about RubyOnRails, and I believe that this vulnerability was crucial and must have been mentioned here.

I hope the answer is yes, because I have to reproduce this vulnerability in an environment, and it would be easier to do so, I believe, using ruby on rails.

Thanks to all of you.

CodePudding user response:

Please note that this is not a Rails vulnerability but rather a vulnerability in the WEBrick library that ships with Ruby (Rails is not a requirement to use this library).

So if your Rails application is:

  • using WEBrick as its HTTP server; and
  • running on one of the affected versions; and
  • using digest authentication provided by WEBrick

then I would say yes, the Rails application is vulnerable.
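
The three conditions in the answer above can be checked mechanically when triaging an application. The Ruby sketch below is an added example, not part of the original answer and not Rails or WEBrick code; the helper names, the `fixed_in` map and the sample version numbers are assumptions (placeholders), and the real patched releases must be taken from the official advisory.

```ruby
require "rubygems" # Gem::Version, used to compare release numbers

# Source references that mean WEBrick's digest authentication is wired in.
DIGEST_AUTH_RE = /\b(?:WEBrick::)?HTTPAuth::(?:DigestAuth|ProxyDigestAuth|Htdigest)\b/

# fixed_in maps "MAJOR.MINOR" => first patched release (take it from the
# advisory). A series missing from the map counts as affected, so an
# unknown version is flagged for review rather than waved through.
def affected_version?(version, fixed_in)
  fix = fixed_in[version.split(".").first(2).join(".")]
  fix.nil? || Gem::Version.new(version) < Gem::Version.new(fix)
end

# [path, line number] for each non-comment line that references digest auth.
def digest_auth_uses(sources)
  sources.flat_map do |path, text|
    text.each_line.with_index(1)
        .select { |line, _| line !~ /^\s*#/ && line.match?(DIGEST_AUTH_RE) }
        .map { |_, number| [path, number] }
  end
end

# Evaluates the three conditions; the app is exposed only if all of them hold.
def triage(server:, version:, fixed_in:, sources:)
  uses = digest_auth_uses(sources)
  checks = {
    webrick_server:   server.to_s.casecmp?("webrick"),
    affected_version: affected_version?(version, fixed_in),
    digest_auth:      !uses.empty?
  }
  { checks: checks, digest_auth_at: uses, exposed: checks.values.all? }
end

# Constructed sample input; the version numbers are placeholders, not advisory data.
SAMPLE_FIXED_IN = { "9.8" => "9.8.5" }.freeze
SAMPLE_SOURCES = {
  "config/auth.rb" => <<~SRC
    # HTTPAuth::DigestAuth is configured below
    auth = WEBrick::HTTPAuth::DigestAuth.new(Realm: "admin", UserDB: userdb)
  SRC
}.freeze

if $PROGRAM_NAME == __FILE__
  p triage(server: "webrick", version: "9.8.4",
           fixed_in: SAMPLE_FIXED_IN, sources: SAMPLE_SOURCES)
end
```

An application that fails any one of the checks (for example, one served by a different HTTP server) is reported as not exposed, and `digest_auth_at` points at the lines to review.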
