CVE-2020-8164

Summary

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rails/rails5.2.4.3, 6.0.3.1affected

Weaknesses

  • CWE-502: Deserialization of Untrusted Data (CWE-502)

ADP Enrichment

CVE Program Container

Additional References

References