[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8166":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":36,"aliases":46,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":73,"related":74,"reserved_at":9,"published_at":83,"modified_at":84,"state":85,"summary":86,"references_raw":94,"kevs":114,"epss":115,"epss_history":118,"metrics":382,"affected":394},"CVE-2020-8166","A CSRF forgery vulnerability exists in rails \u003C 5.2.5, rails \u003C 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-352","Cross-Site Request Forgery (CSRF)","The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.","weakness","Stable","Compound","Medium",[20,24,28,32],{"id":21,"name":22,"techniques":23},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":25,"name":26,"techniques":27},"CAPEC-462","Cross-Domain Search Timing",[],{"id":29,"name":30,"techniques":31},"CAPEC-467","Cross Site Identification",[],{"id":33,"name":34,"techniques":35},"CAPEC-62","Cross Site Request Forgery",[],[37],{"_key":38,"name":39,"source":40,"url":41,"maturity":42,"reliability_score":43,"verified":44,"type":9,"platforms":45,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_9C9EB44E7CDCC9DD","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/732415","unknown",0.2,false,[],[],[],[49,51,53,55,57,59,61,63,65,67,69,71],{"_key":50},"SUSE-SU-2020:3036-1",{"_key":52},"SUSE-SU-2020:3147-1",{"_key":54},"SUSE-SU-2020:3160-1",{"_key":56},"SUSE-SU-2024:0103-1",{"_key":58},"OPENSUSE-SU-2020:1993-1",{"_key":60},"OPENSUSE-SU-2020:2000-1",{"_key":62},"OPENSUSE-SU-2024:10589-1",{"_key":64},"OPENSUSE-SU-2024:11821-1",{"_key":66},"DSA-4766-1",{"_key":68},"DEBIAN-CVE-2020-8166",{"_key":70},"UBUNTU-CVE-2020-8166",{"_key":72},"RHSA-2021:1313",[],[75,76,77,78,79,80,81,82],{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},"2020-07-02T18:35:17.000Z","2026-04-28T15:45:49.012Z","Modified",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":87,"epss_score":88,"severity":89,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":85},"low",0.00443,"medium",4.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",[95,102,108],{"url":41,"sources":96,"tags":98},[97,92],"cve.org",[99,100,101],"X Refsource MISC","Exploit","Third Party Advisory",{"url":103,"sources":104,"tags":105},"https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",[97,92],[99,106,107,101],"Mailing List","Patch",{"url":109,"sources":110,"tags":111},"https://www.debian.org/security/2020/dsa-4766",[97,92],[112,113,101],"Vendor Advisory","X Refsource DEBIAN",[],{"date":116,"score":88,"percentile":117},"2026-06-04",0.63633,[119,122,125,127,130,133,135,138,141,144,147,150,153,156,159,163,166,169,172,175,178,181,183,186,189,192,195,198,202,205,208,210,213,216,219,222,225,228,231,234,237,240,243,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,323,325,328,331,334,337,340,343,346,348,351,354,357,360,363,365,367,370,373,376,379],{"date":120,"score":88,"percentile":121},"2025-11-04",0.62494,{"date":123,"score":88,"percentile":124},"2025-11-05",0.62484,{"date":126,"score":88,"percentile":121},"2025-11-06",{"date":128,"score":88,"percentile":129},"2025-11-07",0.6251,{"date":131,"score":88,"percentile":132},"2025-11-08",0.62516,{"date":134,"score":88,"percentile":129},"2025-11-09",{"date":136,"score":88,"percentile":137},"2025-11-10",0.62493,{"date":139,"score":88,"percentile":140},"2025-11-11",0.62506,{"date":142,"score":88,"percentile":143},"2025-11-12",0.62528,{"date":145,"score":88,"percentile":146},"2025-11-13",0.62535,{"date":148,"score":88,"percentile":149},"2025-11-14",0.62545,{"date":151,"score":88,"percentile":152},"2025-11-15",0.62536,{"date":154,"score":88,"percentile":155},"2025-11-16",0.62527,{"date":157,"score":88,"percentile":158},"2025-11-17",0.62531,{"date":160,"score":161,"percentile":162},"2025-11-18",0.00207,0.38719,{"date":164,"score":161,"percentile":165},"2025-11-19",0.38727,{"date":167,"score":161,"percentile":168},"2025-11-20",0.38721,{"date":170,"score":88,"percentile":171},"2025-11-21",0.6254,{"date":173,"score":88,"percentile":174},"2025-11-22",0.62549,{"date":176,"score":88,"percentile":177},"2025-11-23",0.62526,{"date":179,"score":88,"percentile":180},"2025-11-24",0.62521,{"date":182,"score":88,"percentile":177},"2025-11-25",{"date":184,"score":88,"percentile":185},"2025-11-26",0.62529,{"date":187,"score":88,"percentile":188},"2025-11-27",0.62534,{"date":190,"score":88,"percentile":191},"2025-11-28",0.62515,{"date":193,"score":88,"percentile":194},"2025-11-29",0.6249,{"date":196,"score":88,"percentile":197},"2025-11-30",0.62482,{"date":199,"score":200,"percentile":201},"2025-12-01",0.00243,0.47512,{"date":203,"score":200,"percentile":204},"2025-12-02",0.47525,{"date":206,"score":200,"percentile":207},"2025-12-03",0.47518,{"date":209,"score":88,"percentile":194},"2025-12-04",{"date":211,"score":88,"percentile":212},"2025-12-05",0.62501,{"date":214,"score":88,"percentile":215},"2025-12-06",0.62503,{"date":217,"score":88,"percentile":218},"2025-12-07",0.62495,{"date":220,"score":88,"percentile":221},"2025-12-08",0.62502,{"date":223,"score":88,"percentile":224},"2025-12-09",0.62537,{"date":226,"score":88,"percentile":227},"2025-12-10",0.62581,{"date":229,"score":88,"percentile":230},"2025-12-11",0.62598,{"date":232,"score":88,"percentile":233},"2025-12-12",0.62623,{"date":235,"score":88,"percentile":236},"2025-12-13",0.6263,{"date":238,"score":88,"percentile":239},"2025-12-14",0.62628,{"date":241,"score":88,"percentile":242},"2025-12-15",0.62615,{"date":244,"score":88,"percentile":236},"2025-12-16",{"date":246,"score":88,"percentile":247},"2025-12-17",0.62643,{"date":249,"score":88,"percentile":250},"2025-12-18",0.6268,{"date":252,"score":88,"percentile":253},"2025-12-19",0.62694,{"date":255,"score":88,"percentile":256},"2025-12-20",0.62695,{"date":258,"score":88,"percentile":259},"2025-12-21",0.62686,{"date":261,"score":88,"percentile":262},"2025-12-22",0.62677,{"date":264,"score":88,"percentile":265},"2025-12-23",0.62693,{"date":267,"score":88,"percentile":268},"2025-12-24",0.627,{"date":270,"score":88,"percentile":271},"2025-12-25",0.62731,{"date":273,"score":88,"percentile":274},"2025-12-26",0.62728,{"date":276,"score":88,"percentile":277},"2025-12-27",0.62789,{"date":279,"score":88,"percentile":280},"2025-12-28",0.62707,{"date":282,"score":88,"percentile":283},"2025-12-29",0.62702,{"date":285,"score":88,"percentile":286},"2025-12-30",0.62717,{"date":288,"score":88,"percentile":289},"2025-12-31",0.62738,{"date":291,"score":200,"percentile":292},"2026-01-01",0.47642,{"date":294,"score":200,"percentile":295},"2026-01-02",0.4762,{"date":297,"score":200,"percentile":298},"2026-01-03",0.47606,{"date":300,"score":88,"percentile":301},"2026-01-04",0.62729,{"date":303,"score":88,"percentile":304},"2026-01-05",0.62725,{"date":306,"score":88,"percentile":307},"2026-01-06",0.62721,{"date":309,"score":88,"percentile":310},"2026-01-07",0.62742,{"date":312,"score":88,"percentile":313},"2026-01-08",0.62765,{"date":315,"score":88,"percentile":316},"2026-01-09",0.62768,{"date":318,"score":88,"percentile":319},"2026-01-10",0.62762,{"date":321,"score":88,"percentile":322},"2026-01-11",0.62749,{"date":324,"score":88,"percentile":274},"2026-01-12",{"date":326,"score":88,"percentile":327},"2026-01-13",0.62724,{"date":329,"score":88,"percentile":330},"2026-01-14",0.62767,{"date":332,"score":88,"percentile":333},"2026-01-15",0.62783,{"date":335,"score":88,"percentile":336},"2026-01-16",0.628,{"date":338,"score":88,"percentile":339},"2026-01-17",0.62795,{"date":341,"score":88,"percentile":342},"2026-01-18",0.62792,{"date":344,"score":88,"percentile":345},"2026-01-19",0.62778,{"date":347,"score":88,"percentile":339},"2026-01-20",{"date":349,"score":88,"percentile":350},"2026-01-21",0.62797,{"date":352,"score":88,"percentile":353},"2026-01-22",0.62801,{"date":355,"score":88,"percentile":356},"2026-01-23",0.62835,{"date":358,"score":88,"percentile":359},"2026-01-24",0.62841,{"date":361,"score":88,"percentile":362},"2026-01-25",0.62807,{"date":364,"score":88,"percentile":350},"2026-01-26",{"date":366,"score":88,"percentile":353},"2026-01-27",{"date":368,"score":88,"percentile":369},"2026-01-28",0.62814,{"date":371,"score":88,"percentile":372},"2026-01-29",0.62809,{"date":374,"score":88,"percentile":375},"2026-01-30",0.62815,{"date":377,"score":88,"percentile":378},"2026-01-31",0.62821,{"date":380,"score":200,"percentile":381},"2026-02-01",0.47442,[383,392],{"source":92,"cvss_v2_0":384,"cvss_v3_0":9,"cvss_v3_1":388,"cvss_v4_0":9},{"baseScore":90,"baseSeverity":9,"vectorString":385,"impactScore":386,"exploitabilityScore":387},"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":90,"baseSeverity":389,"vectorString":93,"impactScore":390,"exploitabilityScore":391},"MEDIUM",2.3,7.2,{"source":97,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":393,"cvss_v4_0":9},{"baseScore":90,"baseSeverity":389,"vectorString":93,"impactScore":390,"exploitabilityScore":391},[395,404],{"ecosystem":9,"name":396,"vendor":397,"product":398,"cpe_part":399,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":400},"debian linux","debian","debian_linux","o",[401],{"version":402,"is_range":44,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":405,"vendor":406,"product":405,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":408},"rails","rubyonrails","a",[409,414],{"version":410,"is_range":411,"range_type":403,"version_start":9,"version_start_type":9,"version_end":412,"version_end_type":413,"fixed_in":9},"lt5.2.4.3",true,"5.2.4.3","excluding",{"version":415,"is_range":411,"range_type":403,"version_start":416,"version_start_type":417,"version_end":418,"version_end_type":413,"fixed_in":9},"gte6.0.0_lt6.0.3.1","6.0.0","including","6.0.3.1"]