CVE-2020-8165

Summary

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rails/railsFixed in 5.2.4.3, 6.0.3.1affected

Weaknesses

  • CWE-502: Deserialization of Untrusted Data (CWE-502)

ADP Enrichment

CVE Program Container

Additional References

References