Description
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
Remediation
References