CVE-2020-8165 vulnerability in Ruby on Rails and Other Products
Published on June 19, 2020

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2020-8165 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2020-8165

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-8165 are published in these products:

Ruby on Rails Rails

Debian Linux

OpenSuse Leap

Exploit Probability

EPSS

90.13%

Percentile

99.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-8165 vulnerability in Ruby on Rails and Other ProductsPublished on June 19, 2020

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Products Associated with CVE-2020-8165

Exploit Probability

CVE-2020-8165 vulnerability in Ruby on Rails and Other Products
Published on June 19, 2020