CVE-2020-8165

Deserialization of Untrusted Data in gem/rails

Identifiers

CVE-2020-8165

Package Slug

gem/rails

Vulnerability

Deserialization of Untrusted Data

Description

A deserialization of untrusted data vulnerability exists in Rails that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in RCE.

Affected Versions

All versions before 5.2.4.3, all versions starting from 6.0.0 before 6.0.3.1

Solution

Upgrade to versions 5.2.4.3, 6.0.3.1 or above.
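
To check a project against the affected ranges above, the following added example (not part of the advisory or of Rails) reads the resolved rails version from Gemfile.lock text and compares it with those ranges. The helper names and the sample lockfile are constructed for illustration, and the code assumes the standard Bundler lockfile layout.

```ruby
require "rubygems"

# Ranges copied from the advisory's "Affected Versions" field.
AFFECTED_RANGES = [
  Gem::Requirement.new("< 5.2.4.3"),
  Gem::Requirement.new(">= 6.0.0", "< 6.0.3.1")
].freeze

# True when the given version string falls inside an affected range.
def affected_version?(version)
  v = Gem::Version.new(version)
  AFFECTED_RANGES.any? { |req| req.satisfied_by?(v) }
end

# Resolved version of gem_name in Gemfile.lock text, or nil if not locked.
# Resolved specs sit at four spaces of indent as "name (version)";
# dependency constraints are indented differently and are skipped.
def locked_version(lockfile_text, gem_name = "rails")
  pattern = /^ {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)\s*$/
  match = lockfile_text.match(pattern)
  match && match[1]
end

# Hypothetical helper: summarize the lockfile check as a hash.
def check_lockfile(lockfile_text, gem_name = "rails")
  version = locked_version(lockfile_text, gem_name)
  { gem: gem_name, version: version,
    affected: !version.nil? && affected_version?(version) }
end

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (6.0.3)
        actionpack (= 6.0.3)
        activesupport (= 6.0.3)

  DEPENDENCIES
    rails (~> 6.0.0)
LOCK

result = check_lockfile(SAMPLE_LOCK)
puts "#{result[:gem]} #{result[:version]}: " \
     "#{result[:affected] ? 'affected, upgrade' : 'not affected'}"
```

A match only means the locked version is inside the advisory's range; whether the application uses MemCacheStore or RedisCacheStore has to be checked separately.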

Last Modified

2020-06-25
