Description
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
Remediation
References