Lucene search
RedhatCVELIST:CVE-2013-0333HistoryJan 30, 2013 - 11:00 a.m.
CVE-2013-0333
2013-01-3011:00:00
redhat
www.cve.org
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
References
lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
rhn.redhat.com/errata/RHSA-2013-0201.html
rhn.redhat.com/errata/RHSA-2013-0202.html
rhn.redhat.com/errata/RHSA-2013-0203.html
support.apple.com/kb/HT5784
weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
www.debian.org/security/2013/dsa-2613
www.kb.cert.org/vuls/id/628463
groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain
puppet.com/security/cve/cve-2013-0333
Related
osv
osv
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
rails - insufficient input validation
2013-01-09 00:00:00
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
cert
cert
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
packetstorm
packetstorm
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-01-29 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
threatpost
threatpost
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
2013-01-29 17:47:51
Ruby on Rails Exploit Harvests IRC Botnet
2013-05-28 18:56:05
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
2013-01-10 15:01:40
veracode
veracode
nvd
nvd
cve
cve
ubuntucve
ubuntucve
nessus
nessus
Mac OS X : OS X Server < 2.2.1 Multiple Vulnerabilities
2013-02-05 00:00:00
Fedora 17 : rubygem-activesupport-3.0.11-8.fc17 (2013-1710)
2013-02-11 00:00:00
Fedora 16 : rubygem-activesupport-3.0.10-6.fc16 (2013-1745)
2013-02-11 00:00:00
prion
prion
debiancve
debiancve
github
github
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
nori contains Improper Input Validation
2017-10-24 18:33:37
rubygems
rubygems
CVE-2013-0333 rubygem-activesupport: json to yaml parsing
2013-01-27 20:00:00
CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack
2013-01-07 20:00:00
Ruby Gem nori Parameter Parsing Remote Code Execution
2013-01-09 20:00:00
openvas
openvas
Fedora Update for rubygem-activesupport FEDORA-2013-1710
2013-02-11 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-1710
2013-02-11 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-4130
2013-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-8.fc17
2013-02-10 04:38:36
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-6.fc16
2013-02-10 04:28:15
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-9.fc17
2013-03-30 21:30:40
suse
suse
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
Security update for Ruby On Rails (important)
2013-03-19 18:04:46
gitlab
gitlab
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
2013-01-30 00:00:00
Multiple vulnerabilities in parameter parsing in Action Pack
2013-01-13 00:00:00
debian
debian
[SECURITY] [DSA 2613-1] rails security update
2013-01-30 07:33:38
[SECURITY] [DSA 2604-1] rails security update
2013-01-09 19:17:20
[SECURITY] [DLA 172-1] libextlib-ruby security update
2015-03-14 19:01:22
checkpoint_advisories
checkpoint_advisories
seebug
seebug
Ruby on Rails 'convert_json_to_yaml()'ćšćłĺŽĺ
¨ćźć´
2013-01-30 00:00:00
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-02-03 00:00:00
Ruby on Rails XML Processor YAML Deserialization Code Execution
2014-07-01 00:00:00
redhat
redhat
(RHSA-2013:0201) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0202) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0153) Critical: Ruby on Rails security update
2013-01-10 00:00:00
metasploit
metasploit
Ruby on Rails XML Processor YAML Deserialization Code Execution
2013-01-10 05:10:13
Ruby on Rails XML Processor YAML Deserialization Scanner
2013-01-09 18:50:38
Ruby on Rails JSON Processor YAML Deserialization Scanner
2013-02-11 22:48:44
zdt
zdt
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
Action Pack Multiple Vulnerabilities
2013-01-09 00:00:00
thn
thn
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-30 16:53:00
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-31 03:53:00
saint
saint
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
cvelist
cvelist
securityvulns
securityvulns
[SECURITY] [DSA 2613-1] rails security update
2013-02-04 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-04 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-03-24 00:00:00
kitploit
kitploit
exploitdb
exploitdb
ics
ics
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-01-08 00:00:00
puppet27 and puppet -- multiple vulnerabilities
2013-03-13 00:00:00
nmap
nmap
http-vuln-cve2013-0156 NSE Script
2013-04-25 03:15:33
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
