CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
Published: February 11, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-0277 (NVD)
- GHSA: GHSA-fhj9-cjjh-27vm
- OSVDB: OSVDB-90073
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 10.0 (High)
PATCHED VERSIONS
~> 2.3.17
>= 3.1.0
DESCRIPTION
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.