There is a possible XSS vulnerability in Action Pack while the application server is in development mode. This vulnerability is in the Actionable Exceptions middleware. This vulnerability has been assigned the CVE identifier CVE-2020-8264.
Versions Affected: >= 6.0.0 Not affected: < 6.0.0 Fixed Versions: 126.96.36.199
Until such time as the patch can be applied, application developers should disable the Actionable Exceptions middleware in their development environment via a line such as this one in their config/environment/development.rb:
|Access Vector||Access Complexity||Authentication||Confidentiality Impact||Integrity Impact||Availability Impact|