The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

CPENameOperatorVersion
extlibeq0.9.6
extlibeq0.9.14
extlibeq0.9.8
extlibeq0.9.11
extlibeq0.9.5
extlibeq0.9.9
extlibeq0.9.4
extlibeq0.9.12
extlibeq0.9.2
extlibeq0.9.7

Name	Operator	Version
extlib	eq	0.9.6
extlib	eq	0.9.14
extlib	eq	0.9.8
extlib	eq	0.9.11
extlib	eq	0.9.5
extlib	eq	0.9.9
extlib	eq	0.9.4
extlib	eq	0.9.12
extlib	eq	0.9.2
extlib	eq	0.9.7

Rows per page:

1-10 of 141

References

lists.opensuse.org/opensuse-security-announce/2013-04/msg00002.html

bugzilla.redhat.com/show_bug.cgi?id=917233

github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5...4540e7102b803624cc2eade4bb8aaaa934fc31c5

support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately

osv 9

github 7

cve 7

ubuntucve 5

nvd 7

cvelist 7

debiancve 5

openvas 41

nessus 15

metasploit 4

prion 6

packetstorm 2

redhat 2

zdt 2

seebug 2

threatpost 3

thn 2

saint 4

gitlab 1

checkpoint_advisories 1

kitploit 2

debian 2

cert 2

veracode 2

rubygems 4

exploitdb 2

suse 6

ics 1

fedora 16

freebsd 2

nmap 1

ibm 1

securityvulns 2

gentoo 1

osv

extlib does not properly restrict casts of string values

2017-10-24 18:33:37

libextlib-ruby - security update

2015-03-14 00:00:00

rails - insufficient input validation

2013-01-09 00:00:00

github

extlib does not properly restrict casts of string values

2017-10-24 18:33:37

actionpack Improper Input Validation vulnerability

2017-10-24 18:33:37

nori contains Improper Input Validation

2017-10-24 18:33:37

cve

CVE-2013-1802

2013-04-09 20:55:01

CVE-2013-0156

2013-01-13 22:55:00

CVE-2013-0175

2013-04-25 23:55:01

ubuntucve

CVE-2013-1802

2013-04-09 00:00:00

CVE-2013-0156

2013-01-13 00:00:00

CVE-2013-0285

2013-04-09 00:00:00

nvd

CVE-2013-1802

2013-04-09 20:55:01

CVE-2013-0156

2013-01-13 22:55:00

CVE-2013-1801

2013-04-09 20:55:01

cvelist

CVE-2013-1802

2013-04-09 20:00:00

CVE-2013-0156

2013-01-13 22:00:00

CVE-2013-1801

2013-04-09 20:00:00

debiancve

CVE-2013-1802

2013-04-09 20:55:01

CVE-2013-0156

2013-01-13 22:55:00

CVE-2013-1800

2013-04-09 20:55:01

openvas

Debian: Security Advisory (DLA-172-1)

2023-03-08 00:00:00

Debian: Security Advisory (DSA-2604-1)

2013-01-08 00:00:00

Ruby on Rails XML Processor YAML Deserialization RCE Vulnerability

2013-01-18 00:00:00

nessus

RHEL 6 : Ruby on Rails (RHSA-2013:0153)

2018-12-06 00:00:00

Debian DLA-172-1 : libextlib-ruby security update

2015-03-26 00:00:00

Debian DSA-2604-1 : rails - insufficient input validation

2013-01-10 00:00:00

metasploit

Ruby on Rails XML Processor YAML Deserialization Code Execution

2013-01-10 05:10:13

Ruby on Rails XML Processor YAML Deserialization Scanner

2013-01-09 18:50:38

Ruby on Rails JSON Processor YAML Deserialization Scanner

2013-02-11 22:48:44

prion

Type confusion

2013-01-13 22:55:00

Type confusion

2013-04-09 20:55:00

Design/Logic Flaw

2013-04-09 20:55:00

packetstorm

Ruby On Rails XML Processor YAML Deserialization Code Execution

2013-01-11 00:00:00

Ruby on Rails JSON Processor YAML Deserialization Code Execution

2013-01-29 00:00:00

redhat

(RHSA-2013:0153) Critical: Ruby on Rails security update

2013-01-10 00:00:00

(RHSA-2013:0154) Critical: Ruby on Rails security update

2013-01-10 20:37:00

zdt

Ruby On Rails XML Processor YAML Deserialization Code Execution

2013-01-11 00:00:00

Action Pack Multiple Vulnerabilities

2013-01-09 00:00:00

seebug

Ruby on Rails JSON Processor YAML Deserialization Code Execution

2013-02-03 00:00:00

Ruby on Rails XML Processor YAML Deserialization Code Execution

2014-07-01 00:00:00

threatpost

Ruby on Rails Exploit Harvests IRC Botnet

2013-05-28 18:56:05

Exploit Code, Metasploit Module Out for Ruby on Rails Flaws

2013-01-10 15:01:40

Some Versions of Ruby on Rails Vulnerable to New Parsing Attack

2013-01-29 17:47:51

thn

Ruby on Rails exploit could hijack unpatched servers for botnet

2013-05-30 16:53:00

Ruby on Rails exploit could hijack unpatched servers for botnet

2013-05-31 03:53:00

saint

Ruby on Rails XML Processor YAML Deserialization

2013-02-15 00:00:00

Ruby on Rails XML Processor YAML Deserialization

2013-02-15 00:00:00

Ruby on Rails XML Processor YAML Deserialization

2013-02-15 00:00:00

gitlab

Multiple vulnerabilities in parameter parsing in Action Pack

2013-01-13 00:00:00

checkpoint_advisories

Ruby on Rails XML Processor YAML Deserialization Code Execution (CVE-2013-0156)

2013-01-20 00:00:00

kitploit

[Nmap v6.40] Free Security Scanner For Network Exploration & Security Audits

2013-08-21 01:33:00

Dawnscanner - Dawn Is A Static Analysis Security Scanner For Ruby Written Web Applications (Sinatra, Padrino And ROR Frameworks)

2018-12-11 20:43:00

debian

[SECURITY] [DSA 2604-1] rails security update

2013-01-09 19:17:20

[SECURITY] [DLA 172-1] libextlib-ruby security update

2015-03-14 19:01:22

cert

Ruby on Rails Action Pack framework insecurely typecasts YAML and Symbol XML parameters

2013-01-08 00:00:00

Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability

2013-01-28 00:00:00

veracode

Denial Of Service (DoS) Memory Consumption, Arbitrary Code Execution And Object-injection Attacks

2019-01-15 08:53:34

Arbitrary Code Execution, SQL Injection Attacks And Authentication Bypass

2019-01-15 08:54:45

rubygems

CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack

2013-01-07 20:00:00

Ruby Gem nori Parameter Parsing Remote Code Execution

2013-01-09 20:00:00

CVE-2013-0333 rubygem-activesupport: json to yaml parsing

2013-01-27 20:00:00

exploitdb

Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)

2013-01-29 00:00:00

Ruby on Rails - XML Processor YAML Deserialization Code Execution (Metasploit)

2013-01-10 00:00:00

suse

Security update for rubygem-extlib (important)

2013-04-03 20:10:37

ruby on rails to 2.3.16 (important)

2013-02-12 11:04:29

ruby on rails to 2.3.16 (important)

2013-02-12 10:10:39

ics

Wonderware Intelligence Tableau Server Ruby on Rails Improper Input Validation (Update A)

2013-02-21 00:00:00

fedora

[SECURITY] Fedora 18 Update: rubygem-activesupport-3.2.8-3.fc18

2013-03-30 21:27:44

[SECURITY] Fedora 18 Update: rubygem-actionpack-3.2.8-2.fc18

2013-01-20 03:40:48

[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-2.fc16

2013-01-23 01:34:00

freebsd

rubygem-rails -- multiple vulnerabilities

2013-01-08 00:00:00

puppet27 and puppet -- multiple vulnerabilities

2013-03-13 00:00:00

nmap

http-vuln-cve2013-0156 NSE Script

2013-04-25 03:15:33

ibm

Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

2021-01-25 20:13:51

securityvulns

Apple Mac OS X multiple security vulnerabilities

2013-03-24 00:00:00

APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001

2013-03-24 00:00:00

gentoo

Ruby on Rails: Multiple vulnerabilities

2014-12-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.7 High

AI Score

Confidence

Low

0.973 High

EPSS

Percentile

99.9%

JSON

Related for PRION:CVE-2013-1802