CVE-2020-8165
CRITICALRails <5.2.4.3-6.0.3.1 - Deserialization
Title source: llmDescription
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
Exploits (8)
nomisec
WORKING POC
1 stars
by umiterkol · poc
https://github.com/umiterkol/CVE-2020-8165--Auto-Shell
References (9)
Scores
CVSS v3
9.8
EPSS
0.9013
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (7)
rubyonrails/rails
< 5.2.4.3
debian/debian_linux
debian/debian_linux
debian/debian_linux
opensuse/leap
opensuse/leap
rubygems/activesupport
< 5.2.4.3RubyGems
Timeline
Published
Jun 19, 2020
Tracked Since
Feb 18, 2026