CVE-2020-8164
19.06.2020, 17:15
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.Enginsight
Vendor | Product | Version |
---|---|---|
rubyonrails | rails | 𝑥 < 5.2.4.3 |
rubyonrails | rails | 6.0.0 ≤ 𝑥 < 6.0.3.1 |
debian | debian_linux | 8.0 |
debian | debian_linux | 9.0 |
debian | debian_linux | 10.0 |
opensuse | backports_sle | 15.0:sp1 |
opensuse | leap | 15.1 |
opensuse | leap | 15.2 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
rails |
| ||||||||||||||||||||||||||
rails-4.0 |
| ||||||||||||||||||||||||||
ruby-actionpack-3.2 |
| ||||||||||||||||||||||||||
ruby-activemodel-3.2 |
| ||||||||||||||||||||||||||
ruby-activerecord-3.2 |
| ||||||||||||||||||||||||||
ruby-activesupport-3.2 |
| ||||||||||||||||||||||||||
ruby-rails-3.2 |
|
Common Weakness Enumeration
References