{"id":"CVE-2020-8264","details":"In actionpack gem \u003e= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.","aliases":["GHSA-35mm-cc6r-8fjp"],"modified":"2026-04-10T04:28:21.875297Z","published":"2021-01-06T21:15:14.363Z","related":["openSUSE-SU-2024:11313-1","openSUSE-SU-2024:11314-1","openSUSE-SU-2024:11316-1","openSUSE-SU-2024:11318-1","openSUSE-SU-2024:11319-1","openSUSE-SU-2024:11321-1","openSUSE-SU-2024:11323-1","openSUSE-SU-2024:11325-1","openSUSE-SU-2024:11327-1","openSUSE-SU-2024:11329-1","openSUSE-SU-2024:11331-1","openSUSE-SU-2024:11348-1","openSUSE-SU-2024:11351-1","openSUSE-SU-2024:11818-1","openSUSE-SU-2024:11819-1","openSUSE-SU-2024:11820-1","openSUSE-SU-2024:11821-1","openSUSE-SU-2024:11822-1","openSUSE-SU-2024:11823-1","openSUSE-SU-2024:11824-1","openSUSE-SU-2024:11825-1","openSUSE-SU-2024:11826-1","openSUSE-SU-2024:11827-1","openSUSE-SU-2024:11828-1","openSUSE-SU-2024:11831-1","openSUSE-SU-2024:11832-1"],"references":[{"type":"ADVISORY","url":"https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ"},{"type":"FIX","url":"https://hackerone.com/reports/904059"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rails/rails","events":[{"introduced":"66cabeda2c46c582d19738e1318be8d59584cc5b"},{"fixed":"fe76a95b0d252a2d7c25e69498b720c96b243ea2"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"fixed":"6.0.3.4"}]}}],"versions":["v6.0.0","v6.0.3","v6.0.3.1","v6.0.3.2","v6.0.3.3","v6.0.3.rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8264.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}