CVE-2020-8165
gem/rails
Deserialization of Untrusted Data
A deserialization of untrusted data vulnernerability exists in rails that can allow an attacker to unmarshal user-provided objects in MemCacheStore
and RedisCacheStore
potentially resulting in an RCE.
All versions before 5.2.4.3, all versions starting from 6.0.0 before 6.0.3.1
Upgrade to versions 5.2.4.3, 6.0.3.1 or above.
2020-06-25
source |