RubySec

Providing security resources for the Ruby community

CVE-2013-0277 (activerecord): CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0

GEM

activerecord

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v2.0: 10.0 (High)

PATCHED VERSIONS

  • ~> 2.3.17
  • >= 3.1.0

DESCRIPTION

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
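From Rails 3.1 the +serialize+ helper also accepts a custom coder object that responds to load and dump. The following added example (not RubySec's or Rails' own code) shows such a coder built on Psych's safe_load with an explicit allowlist, so a stored column that carries a Ruby object type tag is rejected instead of instantiated; the column contents and the SafeYAMLColumn and check_column names are constructed for this example.

```ruby
require "yaml"

# Constructed sample column contents: the plain Hash of preferences an
# application expects, and a value carrying a YAML type tag that the default
# YAML.load-based coder in affected versions would turn into a Ruby object.
EXPECTED_COLUMN = "---\ntheme: dark\nper_page: 25\n"
TAGGED_COLUMN   = "--- !ruby/object:OpenStruct\ntable:\n  :theme: dark\n"

# Coder with the load/dump interface accepted by
#   serialize :prefs, SafeYAMLColumn
# Psych's safe_load only builds core scalar, Array and Hash values plus the
# classes listed in PERMITTED; any other type tag raises Psych::DisallowedClass
# before a constructor is reached.
class SafeYAMLColumn
  PERMITTED = [Symbol].freeze   # symbol keys are common in serialized prefs

  def self.load(yaml)
    return {} if yaml.nil? || yaml.strip.empty?
    YAML.safe_load(yaml, permitted_classes: PERMITTED, aliases: false)
  end

  def self.dump(obj)
    YAML.dump(obj)
  end
end

# Classify a stored column value for logging or alerting: :ok when it
# deserializes to the Hash the application expects, :rejected when Psych
# refuses a type tag or the value is of an unexpected type.
def check_column(yaml)
  value = SafeYAMLColumn.load(yaml)
  value.is_a?(Hash) ? [:ok, value] : [:rejected, value.class.name]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

if __FILE__ == $PROGRAM_NAME
  p check_column(EXPECTED_COLUMN)
  p check_column(TAGGED_COLUMN)
end
```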