CVE-2020-8164

HIGH

Rails < 5.2.4.3, < 6.0.3.1 - Info Disclosure

Title source: llm

Description

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.

Scores

CVSS v3 7.5
EPSS 0.0739
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-502
Status published

Affected Products (8)

rubyonrails/rails < 5.2.4.3
debian/debian_linux
debian/debian_linux
debian/debian_linux
opensuse/backports_sle
opensuse/leap
opensuse/leap
rubygems/actionpack < 5.2.4.3 (RubyGems)

Timeline

Published Jun 19, 2020
Tracked Since Feb 18, 2026