There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

References: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml
Created rubygem-rails tracking bugs for this issue: Affects: fedora-all [bug 1852381]
Upstream patch: https://github.com/rails/rails/commit/661da266b94909574426fd1121ef13b800e01b9a
External References: https://weblog.rubyonrails.org/2020/6/17/Rails-6-0-3-2-has-been-released
Statement: Red Hat Satellite and Red Hat CloudForms do not ship vulnerable versions of RubyGem Rails and hence are not affected by the flaw.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8185