Tags: ruby-on-rails, ruby, cve

Was Ruby On Rails affected by CVE-2019-16201?


I didn't find a short answer to my question. CVE-2019-16201 was a vulnerability in WEBrick on Ruby; was Ruby on Rails affected by this vulnerability as well?

I say yes because I found that Ruby on Rails used WEBrick, as mentioned here.

I say no because in CVE-2019-16201 I don't find any reference to Ruby on Rails, and I believe that this vulnerability was crucial and must have been mentioned here.

I hope the answer is yes, because I have to reproduce this vulnerability in an environment, and it would be easier to do so, I believe, using Ruby on Rails.

Thanks to all of you.


Solution

  • Please note that this is not a Rails vulnerability but rather a vulnerability in the WEBrick library that ships with Ruby (Rails is not a requirement to use this library).

    So if your Rails application is:

    Then I would say yes, the Rails application is vulnerable.