Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
| Software | From | Fixed in |
|---|---|---|
| rubyonrails / rails | 6.0.0 | 6.0.3.1 |
| rubyonrails / rails | - | 5.2.4.3 |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| opensuse / leap | 15.1 | 15.1.x |
| opensuse / leap | 15.2 | 15.2.x |
activesupport
|
5.0.0 | 5.2.4.3 |
|
activesupport
|
6.0.0 | 6.0.3.1 |
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml
- https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
- https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
- https://hackerone.com/reports/413388
- https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
- https://security.netapp.com/advisory/ntap-20250509-0002/
- https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/
- https://www.debian.org/security/2020/dsa-4766
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime