Description

lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.

Remediation

References

CVE-2013-0333

Related Vulnerabilities

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.20)

WordPress Plugin WPJobBoard SQL Injection (5.6.4)

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.0)

WordPress Plugin Handsome Testimonials & Reviews SQL Injection (2.0.7)

Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41699)

Severity

High

Classification

CVE-2013-0333

Tags

Missing Update Known Vulnerabilities