vulnerability

SUSE: CVE-2020-8165: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	May 18, 2020	Oct 20, 2020	Sep 9, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

May 18, 2020

Added

Oct 20, 2020

Modified

Sep 9, 2025

Description

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

Solutions

suse-upgrade-rmt-serversuse-upgrade-rmt-server-configsuse-upgrade-rmt-server-pubcloudsuse-upgrade-ruby2-5-rubygem-activesupport-5_1suse-upgrade-ruby2-5-rubygem-activesupport-doc-5_1

References

SUSE-SUSE-SU-2020:2899-1
SUSE-SUSE-SU-2020:2929-1
SUSE-SUSE-SU-2020:3036-1
SUSE-SUSE-SU-2020:3147-1
SUSE-SUSE-SU-2020:3160-1
NVD-CVE-2020-8165

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today