VDB
DEBIAN-CVE-2020-8165
DEBIAN-CVE-2020-8165
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | rails | 0, 0, 0 |
| Debian:14 | rails | 0, 0, 0 |
| Debian:13 | rails | 0, 0, 0 |
| Debian:11 | rails | 0, 0, 0 |
Exploit Intelligence
- AssassinUKG/CVE-2020-8165 (github-poc-repo)
- PoC for CVE-2020-8165 (github-poc-repo)
- danielklim/cve-2020-8165-demo (github-poc-repo)
- masahiro331/CVE-2020-8165 (github-poc-repo)
- danielklim/cve-2020-8165-demo (github-poc)
- PoC for CVE-2020-8165 (github-poc)
- AssassinUKG/CVE-2020-8165 (github-poc)
- hybryx/CVE-2020-8165 (github-poc)
- taipansec/CVE-2020-8165 (github-poc)
- umiterkol/CVE-2020-8165--Auto-Shell (github-poc)
…and 15 more exploits
Timeline
- Jun 19, 2020 CVE Published
- Apr 28, 2026 CVE Updated