Description
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
Remediation
References
Related Vulnerabilities
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.3)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3056)
WordPress Plugin BuddyPress Extended Friendship Request Cross-Site Scripting (1.0.1)
XWiki Incorrect Authorization Vulnerability (CVE-2023-50732)