|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for rails (DLA-2282-1)|
|Summary:||The remote host is missing an update for the 'rails' package(s) announced via the DLA-2282-1 advisory.|
Multiple vulnerabilities were found in Ruby on Rails, an MVC Ruby-based
framework geared for web application development, which could lead to
remote code execution and untrusted user input usage, depending on the
A code injection vulnerability in Rails would allow an attacker
who controlled the `locals` argument of a `render` call to perform
A deserialization of untrusted data vulnerability exists in rails
which can allow an attacker to supply information can be
inadvertently leaked from Strong Parameters.
A deserialization of untrusted data vulnerability exists in
rails that can allow an attacker to unmarshal user-provided objects
in MemCacheStore and RedisCacheStore potentially resulting in an
'rails' package(s) on Debian Linux.
For Debian 9 stretch, these problems have been fixed in version
We recommend that you upgrade your rails packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-8163
Common Vulnerability Exposure (CVE) ID: CVE-2020-8164
Debian Security Information: DSA-4766
SuSE Security Announcement: openSUSE-SU-2020:1533
SuSE Security Announcement: openSUSE-SU-2020:1536
SuSE Security Announcement: openSUSE-SU-2020:1575
Common Vulnerability Exposure (CVE) ID: CVE-2020-8165
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|