Denial of Service and Code Execution Vulnerability in Ruby on Rails by ActiveRecord
CVE-2013-0277

Currently unrated

Key Information:

Vendor
CVE Published: 13 February 2013

What is CVE-2013-0277?

ActiveRecord in Ruby on Rails versions prior to 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code. The cause is improper handling of serialized attributes, which results in crafted YAML input being deserialized.

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
