[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8167":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":36,"aliases":46,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":73,"related":74,"reserved_at":9,"published_at":83,"modified_at":84,"state":85,"summary":86,"references_raw":94,"kevs":114,"epss":115,"epss_history":118,"metrics":379,"affected":390},"CVE-2020-8167","A CSRF vulnerability exists in rails \u003C= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-352","Cross-Site Request Forgery (CSRF)","The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.","weakness","Stable","Compound","Medium",[20,24,28,32],{"id":21,"name":22,"techniques":23},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":25,"name":26,"techniques":27},"CAPEC-462","Cross-Domain Search Timing",[],{"id":29,"name":30,"techniques":31},"CAPEC-467","Cross Site Identification",[],{"id":33,"name":34,"techniques":35},"CAPEC-62","Cross Site Request Forgery",[],[37],{"_key":38,"name":39,"source":40,"url":41,"maturity":42,"reliability_score":43,"verified":44,"type":9,"platforms":45,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_1D352A14A936151B","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/189878","unknown",0.2,false,[],[],[],[49,51,53,55,57,59,61,63,65,67,69,71],{"_key":50},"UBUNTU-CVE-2020-8167",{"_key":52},"SUSE-SU-2020:3036-1",{"_key":54},"SUSE-SU-2020:3147-1",{"_key":56},"SUSE-SU-2020:3160-1",{"_key":58},"SUSE-SU-2023:2059-1",{"_key":60},"OPENSUSE-SU-2020:1993-1",{"_key":62},"OPENSUSE-SU-2020:2000-1",{"_key":64},"OPENSUSE-SU-2024:10589-1",{"_key":66},"OPENSUSE-SU-2024:11823-1",{"_key":68},"DSA-4766-1",{"_key":70},"DEBIAN-CVE-2020-8167",{"_key":72},"RHSA-2021:1313",[],[75,76,77,78,79,80,81,82],{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},"2020-06-19T17:16:06.000Z","2024-08-04T09:48:25.785Z","Modified",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":87,"epss_score":88,"severity":89,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":85},"low",0.00427,"medium",6.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",[95,102,108],{"url":41,"sources":96,"tags":98},[97,92],"cve.org",[99,100,101],"X Refsource MISC","Exploit","Third Party Advisory",{"url":103,"sources":104,"tags":105},"https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0",[97,92],[99,106,107,101],"Mailing List","Patch",{"url":109,"sources":110,"tags":111},"https://www.debian.org/security/2020/dsa-4766",[97,92],[112,113,101],"Vendor Advisory","X Refsource DEBIAN",[],{"date":116,"score":88,"percentile":117},"2026-06-04",0.62736,[119,123,126,129,132,135,138,141,144,147,150,153,156,159,161,165,168,171,174,176,179,181,184,187,189,191,194,197,201,204,207,210,212,215,218,221,224,227,230,233,236,239,241,244,247,250,253,255,258,260,263,266,269,272,275,278,280,283,286,289,292,295,298,301,304,307,310,313,315,318,321,324,327,330,333,336,339,342,344,346,349,352,355,358,361,364,367,370,373,376],{"date":120,"score":121,"percentile":122},"2025-11-04",0.00592,0.68363,{"date":124,"score":121,"percentile":125},"2025-11-05",0.68347,{"date":127,"score":121,"percentile":128},"2025-11-06",0.68349,{"date":130,"score":121,"percentile":131},"2025-11-07",0.68359,{"date":133,"score":121,"percentile":134},"2025-11-08",0.68362,{"date":136,"score":121,"percentile":137},"2025-11-09",0.68355,{"date":139,"score":121,"percentile":140},"2025-11-10",0.68343,{"date":142,"score":121,"percentile":143},"2025-11-11",0.68352,{"date":145,"score":121,"percentile":146},"2025-11-12",0.68376,{"date":148,"score":121,"percentile":149},"2025-11-13",0.68384,{"date":151,"score":121,"percentile":152},"2025-11-14",0.68391,{"date":154,"score":121,"percentile":155},"2025-11-15",0.68389,{"date":157,"score":121,"percentile":158},"2025-11-16",0.68386,{"date":160,"score":121,"percentile":149},"2025-11-17",{"date":162,"score":163,"percentile":164},"2025-11-18",0.00281,0.48447,{"date":166,"score":163,"percentile":167},"2025-11-19",0.48462,{"date":169,"score":163,"percentile":170},"2025-11-20",0.48446,{"date":172,"score":121,"percentile":173},"2025-11-21",0.68404,{"date":175,"score":121,"percentile":173},"2025-11-22",{"date":177,"score":121,"percentile":178},"2025-11-23",0.68394,{"date":180,"score":121,"percentile":149},"2025-11-24",{"date":182,"score":121,"percentile":183},"2025-11-25",0.68392,{"date":185,"score":121,"percentile":186},"2025-11-26",0.68399,{"date":188,"score":121,"percentile":186},"2025-11-27",{"date":190,"score":121,"percentile":158},"2025-11-28",{"date":192,"score":121,"percentile":193},"2025-11-29",0.68372,{"date":195,"score":121,"percentile":196},"2025-11-30",0.68368,{"date":198,"score":199,"percentile":200},"2025-12-01",0.00347,0.56695,{"date":202,"score":199,"percentile":203},"2025-12-02",0.56713,{"date":205,"score":199,"percentile":206},"2025-12-03",0.56709,{"date":208,"score":121,"percentile":209},"2025-12-04",0.68361,{"date":211,"score":121,"percentile":146},"2025-12-05",{"date":213,"score":121,"percentile":214},"2025-12-06",0.68381,{"date":216,"score":121,"percentile":217},"2025-12-07",0.68377,{"date":219,"score":121,"percentile":220},"2025-12-08",0.68382,{"date":222,"score":121,"percentile":223},"2025-12-09",0.68411,{"date":225,"score":121,"percentile":226},"2025-12-10",0.68457,{"date":228,"score":121,"percentile":229},"2025-12-11",0.68476,{"date":231,"score":121,"percentile":232},"2025-12-12",0.68501,{"date":234,"score":121,"percentile":235},"2025-12-13",0.68504,{"date":237,"score":121,"percentile":238},"2025-12-14",0.68506,{"date":240,"score":121,"percentile":235},"2025-12-15",{"date":242,"score":121,"percentile":243},"2025-12-16",0.6851,{"date":245,"score":121,"percentile":246},"2025-12-17",0.68521,{"date":248,"score":121,"percentile":249},"2025-12-18",0.68554,{"date":251,"score":121,"percentile":252},"2025-12-19",0.68572,{"date":254,"score":121,"percentile":252},"2025-12-20",{"date":256,"score":121,"percentile":257},"2025-12-21",0.68557,{"date":259,"score":121,"percentile":257},"2025-12-22",{"date":261,"score":121,"percentile":262},"2025-12-23",0.68553,{"date":264,"score":121,"percentile":265},"2025-12-24",0.68562,{"date":267,"score":121,"percentile":268},"2025-12-25",0.68592,{"date":270,"score":121,"percentile":271},"2025-12-26",0.68593,{"date":273,"score":121,"percentile":274},"2025-12-27",0.68638,{"date":276,"score":121,"percentile":277},"2025-12-28",0.68565,{"date":279,"score":121,"percentile":257},"2025-12-29",{"date":281,"score":121,"percentile":282},"2025-12-30",0.68571,{"date":284,"score":121,"percentile":285},"2025-12-31",0.68587,{"date":287,"score":199,"percentile":288},"2026-01-01",0.56901,{"date":290,"score":199,"percentile":291},"2026-01-02",0.5688,{"date":293,"score":199,"percentile":294},"2026-01-03",0.56873,{"date":296,"score":121,"percentile":297},"2026-01-04",0.68591,{"date":299,"score":121,"percentile":300},"2026-01-05",0.6858,{"date":302,"score":121,"percentile":303},"2026-01-06",0.6859,{"date":305,"score":121,"percentile":306},"2026-01-07",0.68607,{"date":308,"score":121,"percentile":309},"2026-01-08",0.68622,{"date":311,"score":121,"percentile":312},"2026-01-09",0.68631,{"date":314,"score":121,"percentile":312},"2026-01-10",{"date":316,"score":121,"percentile":317},"2026-01-11",0.68624,{"date":319,"score":121,"percentile":320},"2026-01-12",0.68614,{"date":322,"score":121,"percentile":323},"2026-01-13",0.68613,{"date":325,"score":121,"percentile":326},"2026-01-14",0.68647,{"date":328,"score":121,"percentile":329},"2026-01-15",0.68652,{"date":331,"score":121,"percentile":332},"2026-01-16",0.68667,{"date":334,"score":121,"percentile":335},"2026-01-17",0.68656,{"date":337,"score":121,"percentile":338},"2026-01-18",0.68644,{"date":340,"score":121,"percentile":341},"2026-01-19",0.68635,{"date":343,"score":121,"percentile":338},"2026-01-20",{"date":345,"score":121,"percentile":329},"2026-01-21",{"date":347,"score":121,"percentile":348},"2026-01-22",0.68662,{"date":350,"score":121,"percentile":351},"2026-01-23",0.6869,{"date":353,"score":121,"percentile":354},"2026-01-24",0.68701,{"date":356,"score":121,"percentile":357},"2026-01-25",0.68671,{"date":359,"score":121,"percentile":360},"2026-01-26",0.68663,{"date":362,"score":121,"percentile":363},"2026-01-27",0.68666,{"date":365,"score":121,"percentile":366},"2026-01-28",0.68677,{"date":368,"score":121,"percentile":369},"2026-01-29",0.68678,{"date":371,"score":121,"percentile":372},"2026-01-30",0.68684,{"date":374,"score":121,"percentile":375},"2026-01-31",0.68689,{"date":377,"score":199,"percentile":378},"2026-02-01",0.56872,[380],{"source":92,"cvss_v2_0":381,"cvss_v3_0":9,"cvss_v3_1":386,"cvss_v4_0":9},{"baseScore":382,"baseSeverity":9,"vectorString":383,"impactScore":384,"exploitabilityScore":385},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":90,"baseSeverity":387,"vectorString":93,"impactScore":388,"exploitabilityScore":389},"MEDIUM",6,7.2,[391,400],{"ecosystem":9,"name":392,"vendor":393,"product":394,"cpe_part":395,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":396},"debian linux","debian","debian_linux","o",[397],{"version":398,"is_range":44,"range_type":399,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":401,"vendor":402,"product":401,"cpe_part":403,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":404},"rails","rubyonrails","a",[405,410],{"version":406,"is_range":407,"range_type":399,"version_start":9,"version_start_type":9,"version_end":408,"version_end_type":409,"fixed_in":9},"lt5.2.4.3",true,"5.2.4.3","excluding",{"version":411,"is_range":407,"range_type":399,"version_start":412,"version_start_type":413,"version_end":414,"version_end_type":409,"fixed_in":9},"gte6.0.0_lt6.0.3.1","6.0.0","including","6.0.3.1"]