Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

---
gem: actionpack
date: 2013-01-08
url: http://osvdb.org/show/osvdb/89026
cve: 2013-0156
title: Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing Remote
  Code Execution
description: |
  Ruby on Rails contains a flaw in params_parser.rb of the Action Pack.
  The issue is triggered when a type casting error occurs during the parsing
  of parameters. This may allow a remote attacker to execute
  arbitrary code.
cvss_v2: '10.0'
patched_versions:
- "~> 2.3.15"
- "~> 3.0.19"
- "~> 3.1.10"
- ">= 3.2.11"