Identifier

CVE-2020-8165

Package Slug

gem/rails

Vulnerability

Deserialization of Untrusted Data

Description

A deserialization of untrusted data vulnerability exists in Rails that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in an RCE.

Affected Versions

All versions before 5.2.5, all versions starting from 6.0.0 before 6.0.4

Solution

Upgrade to version 6.0.0.beta1 or above.

Last Modified

2020-06-25
