Denial of Service and Code Execution Vulnerability in Ruby on Rails by ActiveRecord
CVE-2013-0277

Currently unrated

Key Information:

Vendor

Rubyonrails

Status
Ruby On Rails
Rails
Vendor
CVE Published:
13 February 2013

What is CVE-2013-0277?

ActiveRecord in Ruby on Rails versions prior to 2.3.17 and 3.x before 3.1.0 is susceptible to a vulnerability that allows remote attackers to perform denial of service attacks or execute arbitrary code. This occurs due to the improper handling of serialized attributes that results in the deserialization of crafted YAML input, facilitating potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://securitytracker.com/id?1028109
vdb-entryx_refsource_SECTRACK
https://puppet.com/security/cve/cve-2013-0277
x_refsource_CONFIRM
http://support.apple.com/kb/HT5784
x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.