Lucene search

CVE-2020-8165

🗓️ 19 Jun 2020 18:11:15Reported by hackeroneType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 199 Views

A deserialization vulnernerability in rails allowing RC

Reporter	Title	Published	Views	Family All 57
SUSE Linux	Security update for rubygem-activesupport-5_1 (critical)	17 Oct 202000:00	–	suse
SUSE Linux	Security update for rubygem-activesupport-5_1 (critical)	16 Oct 202000:00	–	suse
SUSE Linux	Security update for rmt-server (important)	21 Nov 202000:00	–	suse
SUSE Linux	Security update for rmt-server (important)	23 Nov 202000:00	–	suse
GithubExploit	Exploit for Deserialization of Untrusted Data in Rubyonrails Rails	15 Jan 202107:31	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Rubyonrails Rails	20 May 202004:27	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Rubyonrails Rails	15 Jan 202104:40	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Rubyonrails Rails	25 Dec 202020:07	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Rubyonrails Rails	3 Jan 202121:59	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Rubyonrails Rails	14 Feb 202106:57	–	githubexploit

Nvd

Vulners

Node

rubyonrails railsRange<5.2.4.3

rubyonrails railsRange6.0.0–6.0.3.1

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

opensuse leapMatch15.1

opensuse leapMatch15.2

[
  {
    "product": "https://github.com/rails/rails",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 5.2.4.3, 6.0.3.1"
      }
    ]
  }
]

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2020/07/msg00013.html
lists	www.lists.debian.org/debian-lts-announce/2020/06/msg00022.html
hackerone	www.hackerone.com/reports/413388
lists	www.lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
lists	www.lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
debian	www.debian.org/security/2020/dsa-4766
weblog	www.weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/
groups	www.groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Jun 2020 18:15Current

9.1High risk

Vulners AI Score9.1

CVSS27.5

CVSS39.8

EPSS0.35827

CWE-502