RubySec

Providing security resources for the Ruby community

CVE-2013-0333 (activesupport): Ruby on Rails JSON Parser Crafted Payload YAML Subset Decoding Remote Code Execution

GEM

activesupport

FRAMEWORK

rails

SEVERITY

CVSS v2: 9.3

PATCHED VERSIONS

  • ~> 2.3.16
  • >= 3.0.20

DESCRIPTION

Ruby on Rails contains a flaw in its JSON parser. Rails supports multiple JSON parsing backends, one of which works by transforming the JSON text into YAML and handing it to the YAML parser. With a specially crafted payload, an attacker can subvert that backend into decoding a subset of YAML. This may allow a remote attacker to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a denial-of-service (DoS) attack against a Rails application.
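The "patched versions" ranges above use RubyGems requirement syntax: "~> 2.3.16" means 2.3.16 or any later 2.3.x release, and ">= 3.0.20" covers 3.0.20 and everything after it. The following Ruby script is an added example (not part of the RubySec advisory or the Rails project) that evaluates an activesupport version against exactly those two ranges using the standard Gem::Requirement class, and scans a Gemfile.lock for the pinned activesupport version. The Gemfile.lock text is a constructed sample; the function names are the example's own.

```ruby
require "rubygems"

# Patched ranges, quoted verbatim from the advisory above.
PATCHED_REQUIREMENTS = ["~> 2.3.16", ">= 3.0.20"].map { |r| Gem::Requirement.new(r) }

# True when the version satisfies at least one patched range, i.e. the
# installed activesupport is not affected by this advisory.
def activesupport_patched?(version_string)
  version = Gem::Version.new(version_string)
  PATCHED_REQUIREMENTS.any? { |req| req.satisfied_by?(version) }
end

# Finds the top-level activesupport entry in Gemfile.lock text. Bundler writes
# resolved gems under "specs:" at four spaces of indentation; dependencies of a
# gem sit at six, so the anchored four-space match skips those.
def check_gemfile_lock(lock_text)
  match = lock_text.match(/^ {4}activesupport \(([^)]+)\)/)
  return { found: false } unless match

  version = match[1]
  { found: true, version: version, patched: activesupport_patched?(version) }
end

# Constructed sample lockfile pinning an affected activesupport release.
SAMPLE_GEMFILE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activemodel (3.0.19)
        activesupport (= 3.0.19)
        builder (~> 2.1.2)
      activesupport (3.0.19)
        i18n (~> 0.5.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    activemodel
LOCK

if __FILE__ == $PROGRAM_NAME
  result = check_gemfile_lock(SAMPLE_GEMFILE_LOCK)
  if result[:found]
    status = result[:patched] ? "patched" : "AFFECTED by CVE-2013-0333"
    puts "activesupport #{result[:version]}: #{status}"
  else
    puts "activesupport not found in lockfile"
  end
end
```

Run it against a real lockfile by replacing SAMPLE_GEMFILE_LOCK with File.read("Gemfile.lock"); because the check uses Gem::Requirement rather than string comparison, it handles multi-digit version components (for example 2.3.18 versus 2.3.9) correctly.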