Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-8165 | 7.5 | A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | 24-05-2022 - 16:45 | 19-06-2020 - 18:15 | |
CVE-2020-8164 | 5.0 | A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters. | 24-05-2022 - 16:44 | 19-06-2020 - 17:15 | |
CVE-2020-8162 | 5.0 | A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | 24-05-2022 - 16:15 | 19-06-2020 - 17:15 | |
CVE-2020-8167 | 4.3 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | 21-10-2021 - 14:35 | 19-06-2020 - 18:15 | |
CVE-2020-15169 | 4.3 | In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpe | 08-12-2020 - 18:58 | 11-09-2020 - 16:15 | |
CVE-2020-8166 | 4.3 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. | 20-11-2020 - 17:47 | 02-07-2020 - 19:15 | |
CVE-2020-8164 | 5.0 | A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters. | 30-09-2020 - 18:15 | 19-06-2020 - 17:15 | |
CVE-2020-8165 | 7.5 | A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | 25-09-2020 - 12:15 | 19-06-2020 - 18:15 | |
CVE-2020-8166 | 4.3 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. | 25-09-2020 - 12:15 | 02-07-2020 - 19:15 | |
CVE-2020-8167 | 4.3 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | 25-09-2020 - 12:15 | 19-06-2020 - 18:15 | |
CVE-2020-8162 | 5.0 | A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | 25-09-2020 - 12:15 | 19-06-2020 - 17:15 | |
CVE-2020-15169 | 4.3 | In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpe | 25-09-2020 - 12:15 | 11-09-2020 - 16:15 |