VDB

CVE-2020-8164

CVE-2020-8164 PUBLISHED

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

EPSS 7.39% · 91.9th percentile

Risk Scores

EPSS Score
7.39%
91.9th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:18.04:LTSrails*, 2:4.2.10-0ubuntu4, 2:4.2.10-0ubuntu4+esm1
Ubuntu:Pro:16.04:LTSrails*, *, 2:4.2.6-1ubuntu0.1~esm2
Ubuntu:Pro:20.04:LTSrails0, *, 2:5.2.3+dfsg-3ubuntu0.1~esm1

Timeline

  • CVE Published
  • May 18, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Mar 6, 2024 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 23, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 4, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›