CVE-2020-8164 - High Severity Vulnerability
Vulnerable Library - actionpack-5.2.4.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-5.2.4.2.gem
Path to vulnerable library: /xinfei-presenze/vendor/cache/actionpack-5.2.4.2.gem
Dependency Hierarchy:
Found in HEAD commit: 144a3471e80296517fe922af0a5339e47902390b
Vulnerability Details
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.
Publish Date: 2020-06-19
URL: CVE-2020-8164
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8727-m6gj-mc37
Release Date: 2020-05-31
Fix Resolution: 5.2.4.3, 6.0.3.1