[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-5420":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":215,"aliases":257,"duplicate_of":9,"upstream":258,"downstream":259,"duplicates":274,"related":275,"reserved_at":9,"published_at":282,"modified_at":283,"state":284,"summary":285,"references_raw":292,"kevs":322,"epss":323,"epss_history":326,"metrics":521,"affected":530},"CVE-2019-5420","A remote code execution vulnerability in development mode Rails \u003C5.2.2.1, \u003C6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.",null,[11,177],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-330","Use of Insufficiently Random Values","The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.","weakness","Stable","Class","High",[20,145,173],{"id":21,"name":22,"techniques":23},"CAPEC-112","Brute Force",[24],{"id":25,"name":22,"tactics":26,"countermeasures":30},"T1110",[27],{"id":28,"name":29},"TA0031","Credential Access",[31,36,40,44,48,52,56,60,64,68,72,76,80,84,89,93,98,103,107,111,115,119,123,127,131,136,141],{"id":32,"name":33,"tactic":34},"D3-CCSA","Credential Compromise Scope Analysis",{"name":35},"Detect",{"id":37,"name":38,"tactic":39},"D3-AEM","Application Exception Monitoring",{"name":35},{"id":41,"name":42,"tactic":43},"D3-OPM","Operational Process Monitoring",{"name":35},{"id":45,"name":46,"tactic":47},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":35},{"id":49,"name":50,"tactic":51},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":35},{"id":53,"name":54,"tactic":55},"D3-CSPP","Client-server Payload Profiling",{"name":35},{"id":57,"name":58,"tactic":59},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":35},{"id":61,"name":62,"tactic":63},"D3-NTSA","Network Traffic Signature Analysis",{"name":35},{"id":65,"name":66,"tactic":67},"D3-APCA","Application Protocol Command Analysis",{"name":35},{"id":69,"name":70,"tactic":71},"D3-NTCD","Network Traffic Community Deviation",{"name":35},{"id":73,"name":74,"tactic":75},"D3-RTSD","Remote Terminal Session Detection",{"name":35},{"id":77,"name":78,"tactic":79},"D3-CAA","Connection Attempt Analysis",{"name":35},{"id":81,"name":82,"tactic":83},"D3-ANAA","Administrative Network Activity Analysis",{"name":35},{"id":85,"name":86,"tactic":87},"D3-CR","Credential Revocation",{"name":88},"Evict",{"id":90,"name":91,"tactic":92},"D3-ANCI","Authentication Cache Invalidation",{"name":88},{"id":94,"name":95,"tactic":96},"D3-DUC","Decoy User Credential",{"name":97},"Deceive",{"id":99,"name":100,"tactic":101},"D3-CH","Credential Hardening",{"name":102},"Harden",{"id":104,"name":105,"tactic":106},"D3-MFA","Multi-factor Authentication",{"name":102},{"id":108,"name":109,"tactic":110},"D3-CRO","Credential Rotation",{"name":102},{"id":112,"name":113,"tactic":114},"D3-PR","Password Rotation",{"name":102},{"id":116,"name":117,"tactic":118},"D3-PWA","Password Authentication",{"name":102},{"id":120,"name":121,"tactic":122},"D3-CDP","Change Default Password",{"name":102},{"id":124,"name":125,"tactic":126},"D3-SPP","Strong Password Policy",{"name":102},{"id":128,"name":129,"tactic":130},"D3-OTP","One-time Password",{"name":102},{"id":132,"name":133,"tactic":134},"D3-RIC","Reissue Credential",{"name":135},"Restore",{"id":137,"name":138,"tactic":139},"D3-CTS","Credential Transmission Scoping",{"name":140},"Isolate",{"id":142,"name":143,"tactic":144},"D3-NTF","Network Traffic Filtering",{"name":140},{"id":146,"name":147,"techniques":148},"CAPEC-485","Signature Spoofing by Key Recreation",[149],{"id":150,"name":151,"tactics":152,"countermeasures":154},"T1552.004","Private Keys",[153],{"id":28,"name":29},[155,157,159,161,163,165,167,169,171],{"id":32,"name":33,"tactic":156},{"name":35},{"id":85,"name":86,"tactic":158},{"name":88},{"id":90,"name":91,"tactic":160},{"name":88},{"id":94,"name":95,"tactic":162},{"name":97},{"id":99,"name":100,"tactic":164},{"name":102},{"id":104,"name":105,"tactic":166},{"name":102},{"id":108,"name":109,"tactic":168},{"name":102},{"id":132,"name":133,"tactic":170},{"name":135},{"id":137,"name":138,"tactic":172},{"name":140},{"id":174,"name":175,"techniques":176},"CAPEC-59","Session Credential Falsification through Prediction",[],{"_key":178,"id":178,"name":179,"description":180,"type":15,"status":181,"abstraction":17,"likelihood_of_exploit":18,"capec":182},"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","Draft",[183,187,191,195,199,203,207,211],{"id":184,"name":185,"techniques":186},"CAPEC-136","LDAP Injection",[],{"id":188,"name":189,"techniques":190},"CAPEC-15","Command Delimiters",[],{"id":192,"name":193,"techniques":194},"CAPEC-183","IMAP/SMTP Command Injection",[],{"id":196,"name":197,"techniques":198},"CAPEC-248","Command Injection",[],{"id":200,"name":201,"techniques":202},"CAPEC-40","Manipulating Writeable Terminal Devices",[],{"id":204,"name":205,"techniques":206},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":208,"name":209,"techniques":210},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":212,"name":213,"techniques":214},"CAPEC-76","Manipulating Web Input to File System Calls",[],[216,225,239],{"_key":217,"name":218,"source":219,"url":220,"maturity":221,"reliability_score":222,"verified":223,"type":9,"platforms":224,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_85E6B6F1AA1039B0","Exploit Reference (packetstormsecurity.com)","reference","http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html","unknown",0.2,false,[],{"_key":226,"name":227,"source":228,"url":229,"maturity":230,"reliability_score":231,"verified":232,"type":233,"platforms":234,"requires_auth":9,"exploitdb":236,"metasploit":9},"46785","Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)","exploit-database","https://www.exploit-db.com/exploits/46785","weaponized",0.8,true,"remote",[235],"linux",{"verified":232,"type":233,"platform":235,"file":237,"codes":238},"exploits/linux/remote/46785.rb",[7],{"_key":240,"name":241,"source":242,"url":243,"maturity":230,"reliability_score":244,"verified":232,"type":233,"platforms":245,"requires_auth":223,"exploitdb":9,"metasploit":246},"MSF_EXPLOIT_MULTI_HTTP_RAILS_DOUBLE_TAP","Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/multi/http/rails_double_tap.rb",1,[],{"fullname":247,"rank":248,"rank_name":249,"post_auth":223,"check":232,"notes":250},"exploit/multi/http/rails_double_tap",600,"excellent",{"Stability":251,"SideEffects":253,"Reliability":255},[252],"crash-safe",[254],"ioc-in-logs",[256],"unknown-reliability",[],[],[260,262,264,266,268,270,272],{"_key":261},"SUSE-SU-2020:3036-1",{"_key":263},"SUSE-SU-2020:3147-1",{"_key":265},"SUSE-SU-2020:3160-1",{"_key":267},"OPENSUSE-SU-2020:1993-1",{"_key":269},"OPENSUSE-SU-2020:2000-1",{"_key":271},"OPENSUSE-SU-2024:10589-1",{"_key":273},"DEBIAN-CVE-2019-5420",[],[276,277,278,279,280,281],{"_key":261},{"_key":263},{"_key":265},{"_key":267},{"_key":269},{"_key":271},"2019-03-27T13:48:13.000Z","2024-08-04T19:54:53.584Z","Modified",{"cisa_kev":223,"cisa_ransomware":223,"cisa_vendor":9,"epss_severity":286,"epss_score":287,"severity":286,"severity_score":288,"severity_version":289,"severity_source":290,"severity_vector":291,"severity_status":284},"critical",0.93513,9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[293,301,305,312,317],{"url":294,"sources":295,"tags":297},"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",[296,290],"cve.org",[298,299,300],"X Refsource CONFIRM","Patch","Vendor Advisory",{"url":302,"sources":303,"tags":304},"https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw",[296,290],[298],{"url":220,"sources":306,"tags":307},[296,290],[308,309,310,311],"X Refsource MISC","Exploit","Third Party Advisory","VDB Entry",{"url":313,"sources":314,"tags":315},"https://www.exploit-db.com/exploits/46785/",[296,290],[309,316,310,311],"X Refsource EXPLOIT DB",{"url":318,"sources":319,"tags":320},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/",[296,290],[300,321],"X Refsource FEDORA",[],{"date":324,"score":287,"percentile":325},"2026-06-04",0.99835,[327,331,333,335,338,340,343,345,347,349,351,353,355,357,359,363,365,367,369,371,373,375,377,379,381,383,385,388,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,472,474,476,478,480,482,486,488,491,493,495,497,499,501,503,505,507,509,512,514,516,518],{"date":328,"score":329,"percentile":330},"2025-11-04",0.93272,0.99794,{"date":332,"score":329,"percentile":330},"2025-11-05",{"date":334,"score":329,"percentile":330},"2025-11-06",{"date":336,"score":329,"percentile":337},"2025-11-07",0.99793,{"date":339,"score":329,"percentile":337},"2025-11-08",{"date":341,"score":329,"percentile":342},"2025-11-09",0.99792,{"date":344,"score":329,"percentile":342},"2025-11-10",{"date":346,"score":329,"percentile":337},"2025-11-11",{"date":348,"score":329,"percentile":337},"2025-11-12",{"date":350,"score":329,"percentile":330},"2025-11-13",{"date":352,"score":329,"percentile":337},"2025-11-14",{"date":354,"score":329,"percentile":330},"2025-11-15",{"date":356,"score":329,"percentile":330},"2025-11-16",{"date":358,"score":329,"percentile":330},"2025-11-17",{"date":360,"score":361,"percentile":362},"2025-11-18",0.91465,0.9974,{"date":364,"score":361,"percentile":362},"2025-11-19",{"date":366,"score":361,"percentile":362},"2025-11-20",{"date":368,"score":329,"percentile":337},"2025-11-21",{"date":370,"score":329,"percentile":330},"2025-11-22",{"date":372,"score":329,"percentile":337},"2025-11-23",{"date":374,"score":329,"percentile":337},"2025-11-24",{"date":376,"score":329,"percentile":337},"2025-11-25",{"date":378,"score":329,"percentile":337},"2025-11-26",{"date":380,"score":329,"percentile":342},"2025-11-27",{"date":382,"score":329,"percentile":342},"2025-11-28",{"date":384,"score":329,"percentile":342},"2025-11-29",{"date":386,"score":329,"percentile":387},"2025-11-30",0.99791,{"date":389,"score":329,"percentile":390},"2025-12-01",0.99795,{"date":392,"score":329,"percentile":390},"2025-12-02",{"date":394,"score":329,"percentile":390},"2025-12-03",{"date":396,"score":329,"percentile":387},"2025-12-04",{"date":398,"score":329,"percentile":387},"2025-12-05",{"date":400,"score":329,"percentile":387},"2025-12-06",{"date":402,"score":329,"percentile":387},"2025-12-07",{"date":404,"score":329,"percentile":342},"2025-12-08",{"date":406,"score":329,"percentile":342},"2025-12-09",{"date":408,"score":329,"percentile":337},"2025-12-10",{"date":410,"score":329,"percentile":342},"2025-12-11",{"date":412,"score":329,"percentile":342},"2025-12-12",{"date":414,"score":329,"percentile":342},"2025-12-13",{"date":416,"score":329,"percentile":342},"2025-12-14",{"date":418,"score":329,"percentile":342},"2025-12-15",{"date":420,"score":329,"percentile":337},"2025-12-16",{"date":422,"score":329,"percentile":337},"2025-12-17",{"date":424,"score":329,"percentile":387},"2025-12-18",{"date":426,"score":329,"percentile":342},"2025-12-19",{"date":428,"score":329,"percentile":342},"2025-12-20",{"date":430,"score":329,"percentile":342},"2025-12-21",{"date":432,"score":329,"percentile":342},"2025-12-22",{"date":434,"score":329,"percentile":342},"2025-12-23",{"date":436,"score":329,"percentile":342},"2025-12-24",{"date":438,"score":329,"percentile":342},"2025-12-25",{"date":440,"score":329,"percentile":387},"2025-12-26",{"date":442,"score":329,"percentile":387},"2025-12-27",{"date":444,"score":329,"percentile":342},"2025-12-28",{"date":446,"score":329,"percentile":387},"2025-12-29",{"date":448,"score":329,"percentile":387},"2025-12-30",{"date":450,"score":329,"percentile":342},"2025-12-31",{"date":452,"score":329,"percentile":390},"2026-01-01",{"date":454,"score":329,"percentile":390},"2026-01-02",{"date":456,"score":329,"percentile":390},"2026-01-03",{"date":458,"score":329,"percentile":387},"2026-01-04",{"date":460,"score":329,"percentile":387},"2026-01-05",{"date":462,"score":329,"percentile":387},"2026-01-06",{"date":464,"score":329,"percentile":387},"2026-01-07",{"date":466,"score":329,"percentile":342},"2026-01-08",{"date":468,"score":329,"percentile":342},"2026-01-09",{"date":470,"score":471,"percentile":387},"2026-01-10",0.93255,{"date":473,"score":471,"percentile":387},"2026-01-11",{"date":475,"score":471,"percentile":387},"2026-01-12",{"date":477,"score":471,"percentile":387},"2026-01-13",{"date":479,"score":471,"percentile":387},"2026-01-14",{"date":481,"score":471,"percentile":387},"2026-01-15",{"date":483,"score":484,"percentile":485},"2026-01-16",0.93102,0.99778,{"date":487,"score":484,"percentile":485},"2026-01-17",{"date":489,"score":484,"percentile":490},"2026-01-18",0.99777,{"date":492,"score":484,"percentile":490},"2026-01-19",{"date":494,"score":484,"percentile":485},"2026-01-20",{"date":496,"score":484,"percentile":485},"2026-01-21",{"date":498,"score":484,"percentile":485},"2026-01-22",{"date":500,"score":484,"percentile":485},"2026-01-23",{"date":502,"score":484,"percentile":485},"2026-01-24",{"date":504,"score":484,"percentile":485},"2026-01-25",{"date":506,"score":484,"percentile":485},"2026-01-26",{"date":508,"score":484,"percentile":485},"2026-01-27",{"date":510,"score":484,"percentile":511},"2026-01-28",0.99779,{"date":513,"score":484,"percentile":511},"2026-01-29",{"date":515,"score":484,"percentile":511},"2026-01-30",{"date":517,"score":484,"percentile":511},"2026-01-31",{"date":519,"score":484,"percentile":520},"2026-02-01",0.99783,[522],{"source":290,"cvss_v2_0":523,"cvss_v3_0":9,"cvss_v3_1":528,"cvss_v4_0":9},{"baseScore":524,"baseSeverity":9,"vectorString":525,"impactScore":526,"exploitabilityScore":527},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":288,"baseSeverity":529,"vectorString":291,"impactScore":288,"exploitabilityScore":527},"CRITICAL",[531,540,546,556],{"ecosystem":9,"name":532,"vendor":533,"product":534,"cpe_part":535,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":536},"debian linux","debian","debian_linux","o",[537],{"version":538,"is_range":223,"range_type":539,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":541,"vendor":542,"product":541,"cpe_part":535,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":543},"fedora","fedoraproject",[544],{"version":545,"is_range":223,"range_type":539,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":547,"vendor":548,"product":547,"cpe_part":549,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":550},"https://github.com/rails/rails","rails","a",[551,554],{"version":552,"is_range":223,"range_type":296,"version_start":552,"version_start_type":553,"version_end":552,"version_end_type":553,"fixed_in":9},"5.2.2.1","including",{"version":555,"is_range":223,"range_type":296,"version_start":555,"version_start_type":553,"version_end":555,"version_end_type":553,"fixed_in":9},"6.0.0.beta3",{"ecosystem":9,"name":548,"vendor":557,"product":548,"cpe_part":549,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":558},"rubyonrails",[559,562,564],{"version":560,"is_range":232,"range_type":539,"version_start":9,"version_start_type":9,"version_end":552,"version_end_type":561,"fixed_in":9},"lt5.2.2.1","excluding",{"version":563,"is_range":223,"range_type":539,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.0:beta1",{"version":565,"is_range":223,"range_type":539,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.0:beta2"]