CVE-2020-8165

CVE-2020-8165

Vendor N/A
Product https://github.com/rails/rails
Weakness CWE-502 · Unsafe deserialization
Published June 19, 2020
Last update May 9, 2025

CVSS base score

What the vulnerability does

01Description

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

Key dates

02Disclosure timeline

June 19, 2020 CVE published
May 9, 2025 Record updated