Description
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
Remediation
References