CVE-2020-8164

Опубликовано: 19 июн. 2020

Источник: debian

EPSS Низкий

Описание

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
rails	fixed	2:6.0.3.1+dfsg-1	experimental	package
rails	fixed	2:5.2.4.3+dfsg-1		package

Примечания

https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec (5.2)

EPSS

Процентиль: 90%

0.05862

Низкий

Связанные уязвимости

CVE-2020-8164

CVSS3: 7.5

ubuntu

около 5 лет назад

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

CVE-2020-8164

CVSS3: 7.5

redhat

около 5 лет назад

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

CVE-2020-8164

CVSS3: 7.5

nvd

около 5 лет назад

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

openSUSE-SU-2020:1536-1

suse-cvrf

почти 5 лет назад

Security update for rubygem-actionpack-5_1

openSUSE-SU-2020:1533-1

suse-cvrf

почти 5 лет назад

Security update for rubygem-actionpack-5_1

EPSS

Процентиль: 90%

0.05862

Низкий