Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-8165

Опубликовано: 19 июн. 2020
Источник: debian
EPSS Критический

Описание

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
railsfixed2:5.2.4.3+dfsg-1package

Примечания

  • https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released

  • https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend) (5.2)

  • https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend) (5.2)

  • Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b

EPSS

Процентиль: 100%
0.90958
Критический

Связанные уязвимости

CVSS3: 9.8
ubuntu
около 5 лет назад

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

CVSS3: 9.8
redhat
около 5 лет назад

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

CVSS3: 9.8
nvd
около 5 лет назад

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

suse-cvrf
больше 4 лет назад

Security update for rubygem-activesupport-5_1

suse-cvrf
больше 4 лет назад

Security update for rubygem-activesupport-5_1

EPSS

Процентиль: 100%
0.90958
Критический