CVE-2020-8164
Published: Jun 19, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.
| Vendor | Product | Versions |
|---|---|---|
| n/a | https://github.com/rails/rails | affected 5.2.4.3, 6.0.3.1 |
Weaknesses (CWE)
References
https://hackerone.com/reports/292797
x_refsource_MISC
https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
x_refsource_MISC
[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update
mailing-list
x_refsource_MLIST
DSA-4766
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2020:1533
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:1536
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:1575
vendor-advisory
x_refsource_SUSE