CVE-2020-8165

CRITICAL LAB

Rails <5.2.4.3-6.0.3.1 - Deserialization

Exploitation Summary

EIP tracks 8 public exploits for CVE-2020-8165. PoCs published by masahiro331, hybryx, danielklim.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2020-8165, a deserialization vulnerability in Ruby on Rails. The exploit leverages the `ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy` class to achieve remote code execution (RCE) by crafting a malicious payload that is deserialized when processed by the Rails application.

Description

A deserialization of untrusted data vulnerability exists in Rails < 5.2.4.3 and Rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in RCE.

Exploits (8)

nomisec WORKING POC 41 stars
by masahiro331 · poc
https://github.com/masahiro331/CVE-2020-8165

This repository contains a functional exploit for CVE-2020-8165, a deserialization vulnerability in Ruby on Rails. The exploit leverages the `ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy` class to achieve remote code execution (RCE) by crafting a malicious payload that is deserialized when processed by the Rails application.

Classification: Working PoC 100%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Ruby on Rails 5.2.3
No auth needed
Prerequisites: Ruby 2.6.3 · Rails 5.2.3 · Redis server running
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 4 stars
by hybryx · poc
https://github.com/hybryx/CVE-2020-8165

This repository contains a functional Python exploit for CVE-2020-8165, targeting Rails applications with vulnerable MemCacheStore/RedisCacheStore deserialization. The exploit crafts a malicious payload to achieve remote code execution (RCE) via object unmarshaling.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Ruby on Rails < 5.2.4.3, < 6.0.3.1
Auth required
Prerequisites: Valid user credentials · Target running vulnerable Rails version
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by danielklim · poc
https://github.com/danielklim/cve-2020-8165-demo

This repository contains a functional exploit PoC for CVE-2020-8165, demonstrating a deserialization vulnerability in Rails < 5.2.4.3 and < 6.0.3.1. The PoC includes a Dockerized Rails application with a vulnerable caching mechanism that can be exploited to achieve RCE via crafted payloads.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Ruby on Rails < 5.2.4.3, < 6.0.3.1
No auth needed
Prerequisites: Access to a vulnerable Rails application using MemCacheStore or RedisCacheStore · Ability to send crafted cache keys to the application
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by umiterkol · poc
https://github.com/umiterkol/CVE-2020-8165--Auto-Shell

This repository contains a functional exploit for CVE-2020-8165, targeting a deserialization vulnerability in Ruby on Rails. The script automates user creation, login, and payload delivery to achieve remote code execution via a crafted serialized object.

Classification: Working PoC 95%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Ruby on Rails (specific version not specified)
Auth required
Prerequisites: Target IP address · Attacker IP and port for reverse shell · Access to signup and login endpoints
devstral-2 · analyzed Feb 18, 2026

gitlab STUB
by gonzoyumo · poc
https://gitlab.com/gonzoyumo/test-rails-cve-2020-8165

The repository contains only a GitLab CI configuration file with no exploit code or technical details related to CVE-2020-8165. It appears to be a placeholder or incomplete repository.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 23, 2026

nomisec WORKING POC
by progfay · poc
https://github.com/progfay/CVE-2020-8165

This repository contains a functional exploit PoC for CVE-2020-8165, demonstrating a deserialization vulnerability in Rails applications using Redis cache stores. The exploit leverages unsafe deserialization of user-controlled input passed to the Redis cache.

Classification: Working PoC 90%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Ruby on Rails with Redis cache store
No auth needed
Prerequisites: Redis cache store configured in Rails application · Ability to send crafted requests to the application
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by AssassinUKG · poc
https://github.com/AssassinUKG/CVE-2020-8165

This repository contains a functional exploit for CVE-2020-8165, which leverages a deserialization vulnerability in the target software to achieve remote code execution (RCE). The exploit automates user creation, login, and payload delivery to trigger a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown (likely a Ruby on Rails application based on the exploit mechanics)
Auth required
Prerequisites: Network access to the target · Target application running on port 8080
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by taipansec · poc
https://github.com/taipansec/CVE-2020-8165

This exploit leverages a deserialization vulnerability in the target software to achieve remote code execution (RCE) via a crafted payload. It automates user creation, login, and payload delivery to trigger a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown (likely a Ruby on Rails application)
Auth required
Prerequisites: Target IP address · Attacker IP and port for reverse shell · Network access to the target
devstral-2 · analyzed Feb 18, 2026

References (9)

Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/413388
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4766
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html

Scores

CVSS v3 9.8
EPSS 0.9013
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull redis:latest
docker pull redis:6-alpine

Details

CWE CWE-502
Status published
Products (7)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
opensuse/leap 15.1
opensuse/leap 15.2
rubygems/activesupport 5.0.0 - 5.2.4.3 (RubyGems)
rubyonrails/rails < 5.2.4.3
Published Jun 19, 2020
Tracked Since Feb 18, 2026