Deserialization Vulnerability in Kredis by Ruby on Rails
CVE-2023-27531

Currently unrated

Key Information:

Vendor: Rails

CVE Published: 9 January 2025

What is CVE-2023-27531?

A vulnerability exists in the JSON deserialization process of Kredis, where untrusted data may be improperly handled. This can lead to various security issues, so developers using Kredis in their Ruby on Rails applications should make sure they are running an updated version that addresses this flaw. Failing to do so could expose applications to attacks that manipulate serialized data.

Affected Version(s)

Kredis JSON 1.3.0.1

Timeline

  • Vulnerability published

  • Vulnerability Reserved