Patch CVE-2020-5267 for Rails 4 and Rails 3# legacy-rails-CVE-2020-5267-patch
[](https://github.com/GUI/legacy-rails-CVE-2020-5267-patch/actions?workflow=CI)
A patch for [CVE-2020-5267](https://github.com/advisories/GHSA-65cv-r6x7-79hv) for Rails 4 and Rails 3. Upgrading Rails would definitely be better, but in the meantime if you're stuck on older versions of Rails, this provides the monkey patch noted in the security advisory packaged and tested as a gem.
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'legacy-rails-CVE-2020-5267-patch'
```
And then execute:
```
$ bundle install
```
[4.0K] /data/pocs/46e24f325c1381e6bc7b61de85b4e7670fca8b98
├── [ 111] Appraisals
├── [4.0K] bin
│ ├── [ 367] console
│ └── [ 131] setup
├── [ 98] CHANGELOG.md
├── [ 165] Gemfile
├── [2.8K] Gemfile.lock
├── [4.0K] gemfiles
│ ├── [ 164] rails_3.2.gemfile
│ ├── [2.3K] rails_3.2.gemfile.lock
│ ├── [ 164] rails_4.2.gemfile
│ └── [2.8K] rails_4.2.gemfile.lock
├── [1.5K] legacy-rails-CVE-2020-5267-patch.gemspec
├── [4.0K] lib
│ ├── [4.0K] legacy-rails-CVE-2020-5267-patch
│ │ └── [ 59] version.rb
│ └── [ 611] legacy-rails-CVE-2020-5267-patch.rb
├── [1.1K] LICENSE.txt
├── [ 198] Rakefile
├── [ 666] README.md
└── [4.0K] test
├── [1.9K] patch_test.rb
└── [ 126] test_helper.rb
5 directories, 18 files