Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at

Advisory Archive


gem: actionpack
date: 2013-01-08
cve: 2013-0156
title: Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing Remote
  Code Execution
description: |
  Ruby on Rails contains a flaw in params_parser.rb of the Action Pack.
  The issue is triggered when a type casting error occurs during the parsing
  of parameters. This may allow a remote attacker to execute
  arbitrary code.
cvss_v2: '10.0'
patched_versions:
- "~> 2.3.15"
- "~> 3.0.19"
- "~> 3.1.10"
- ">= 3.2.11"