16 matches found
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-rails (UTSA-2026-016651)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016651 advisory. A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in...
Exploit for Deserialization of Untrusted Data in Rubyonrails Rails
CVE-2020-8165 Demo Yet another demo of CVE-2020-8165, though...
Exploit for Deserialization of Untrusted Data in Rubyonrails Rails
CVE-2020-8165 Python Exploit This is code to exploit CVE-2020...
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
Deserialization of Untrusted Data
A deserialization of untrusted data vulnernerability exists in rails, rails that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...
GHSA-2P68-F74V-9WC6 ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...
FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)
Ruby on Rails blog : Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes : CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible...
Deserialization of Untrusted Data
Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the MemCacheStore and RedisCacheStore. when untrusted user input is written to the cache...
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
There is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerabl...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes: CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible Stro...
Ruby on Rails: Untrusted strings that are cache fetched with raw option are automatically marshal loaded
This vulnerability effects application code that caches a string from an untrusted source using the raw: true option. For example, vulnerable application code might looks something like the following ruby body = Rails.cache.fetchkey, raw: true, expiresin: ttl do res = Net::HTTP.getresponseremoteu...