Lucene search

[email protected]CVE-2013-0277

HistoryFeb 13, 2013 - 1:55 a.m.

CVE-2013-0277

2013-02-1301:55:05

[email protected]

web.nvd.nist.gov

cve-2013-0277

activerecord

ruby on rails

remote attack

denial of service

arbitrary code execution

serialized attributes

yaml

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.099 Low

EPSS

Percentile

94.9%

JSON

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.

Affected configurations

NVD

Node

rubyonrailsrailsMatch3.0.0

rubyonrailsrailsMatch3.0.0beta

rubyonrailsrailsMatch3.0.0beta2

rubyonrailsrailsMatch3.0.0beta3

rubyonrailsrailsMatch3.0.0beta4

rubyonrailsrailsMatch3.0.0rc

rubyonrailsrailsMatch3.0.0rc2

rubyonrailsrailsMatch3.0.1

rubyonrailsrailsMatch3.0.1pre

rubyonrailsrailsMatch3.0.2

rubyonrailsrailsMatch3.0.2pre

rubyonrailsrailsMatch3.0.3

rubyonrailsrailsMatch3.0.4rc1

rubyonrailsrailsMatch3.0.5

rubyonrailsrailsMatch3.0.5rc1

rubyonrailsrailsMatch3.0.6

rubyonrailsrailsMatch3.0.6rc1

rubyonrailsrailsMatch3.0.6rc2

rubyonrailsrailsMatch3.0.7

rubyonrailsrailsMatch3.0.7rc1

rubyonrailsrailsMatch3.0.7rc2

rubyonrailsrailsMatch3.0.8

rubyonrailsrailsMatch3.0.8rc1

rubyonrailsrailsMatch3.0.8rc2

rubyonrailsrailsMatch3.0.8rc3

rubyonrailsrailsMatch3.0.8rc4

rubyonrailsrailsMatch3.0.9

rubyonrailsrailsMatch3.0.9rc1

rubyonrailsrailsMatch3.0.9rc2

rubyonrailsrailsMatch3.0.9rc3

rubyonrailsrailsMatch3.0.9rc4

rubyonrailsrailsMatch3.0.9rc5

rubyonrailsrailsMatch3.0.10

rubyonrailsrailsMatch3.0.10rc1

rubyonrailsrailsMatch3.0.11

rubyonrailsrailsMatch3.0.12

rubyonrailsrailsMatch3.0.12rc1

rubyonrailsrailsMatch3.0.13

rubyonrailsrailsMatch3.0.13rc1

rubyonrailsrailsMatch3.0.14

rubyonrailsrailsMatch3.0.16

rubyonrailsrailsMatch3.0.17

rubyonrailsrailsMatch3.0.18

rubyonrailsrailsMatch3.0.19

rubyonrailsrailsMatch3.0.20

rubyonrailsruby_on_railsMatch3.0.4

Node

rubyonrailsrailsMatch2.3.0

rubyonrailsrailsMatch2.3.1

rubyonrailsrailsMatch2.3.2

rubyonrailsrailsMatch2.3.3

rubyonrailsrailsMatch2.3.4

rubyonrailsrailsMatch2.3.9

rubyonrailsrailsMatch2.3.10

rubyonrailsrailsMatch2.3.11

rubyonrailsrailsMatch2.3.12

rubyonrailsrailsMatch2.3.13

rubyonrailsrailsMatch2.3.14

rubyonrailsrailsMatch2.3.15

rubyonrailsrailsMatch2.3.16

CPENameOperatorVersion
rubyonrails:railsrubyonrails railseq3.0.0
rubyonrails:railsrubyonrails railseq3.0.1
rubyonrails:railsrubyonrails railseq3.0.2
rubyonrails:railsrubyonrails railseq3.0.3
rubyonrails:railsrubyonrails railseq3.0.4
rubyonrails:railsrubyonrails railseq3.0.5
rubyonrails:railsrubyonrails railseq3.0.6
rubyonrails:railsrubyonrails railseq3.0.7
rubyonrails:railsrubyonrails railseq3.0.8
rubyonrails:railsrubyonrails railseq3.0.9

CPE	Name	Operator	Version
rubyonrails:rails	rubyonrails rails	eq	3.0.0
rubyonrails:rails	rubyonrails rails	eq	3.0.1
rubyonrails:rails	rubyonrails rails	eq	3.0.2
rubyonrails:rails	rubyonrails rails	eq	3.0.3
rubyonrails:rails	rubyonrails rails	eq	3.0.4
rubyonrails:rails	rubyonrails rails	eq	3.0.5
rubyonrails:rails	rubyonrails rails	eq	3.0.6
rubyonrails:rails	rubyonrails rails	eq	3.0.7
rubyonrails:rails	rubyonrails rails	eq	3.0.8
rubyonrails:rails	rubyonrails rails	eq	3.0.9