CVE-2020-8165 - High Severity Vulnerability
Vulnerable Library - activesupport-6.0.2.2.gem
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.
Library home page: https://rubygems.org/gems/activesupport-6.0.2.2.gem
Path to dependency file: webdataconnector/Gemfile.lock
Path to vulnerable library: /var/lib/gems/2.5.0/cache/activesupport-6.0.2.2.gem
Dependency Hierarchy:
github-pages-204.gem (Root Library)
  jemoji-0.11.1.gem
    html-pipeline-2.12.3.gem
      ❌ activesupport-6.0.2.2.gem (Vulnerable Library)
Vulnerability Details
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in an RCE.
Publish Date: 2020-06-19
URL: CVE-2020-8165
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-2p68-f74v-9wc6
Release Date: 2020-05-31
Fix Resolution: 5.2.4.3,6.0.3.1