Lucene search

CVE-2013-0277

🗓️ 13 Feb 2013 01:05:55Reported by redhatType

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes

Reporter	Title	Published	Views	Family All 32
Github Security Blog	Active Record contains deserialization of arbitrary YAML	24 Oct 201718:33	–	github
seebug.org	Ruby on Rails 远程代码执行漏洞(CVE-2013-0277)	7 Mar 201300:00	–	seebug
NVD	CVE-2013-0277	13 Feb 201301:55	–	nvd
UbuntuCve	CVE-2013-0277	13 Feb 201300:00	–	ubuntucve
Cvelist	CVE-2013-0277	13 Feb 201301:00	–	cvelist
RubySec	CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0	10 Feb 201320:00	–	rubygems
Debian CVE	CVE-2013-0277	13 Feb 201301:55	–	debiancve
OSV	Active Record contains deserialization of arbitrary YAML	24 Oct 201718:33	–	osv
OSV	rails - several	12 Feb 201300:00	–	osv
Prion	Code injection	13 Feb 201301:55	–	prion

Nvd

Node

rubyonrails railsMatch3.0.0

rubyonrails railsMatch3.0.0beta

rubyonrails railsMatch3.0.0beta2

rubyonrails railsMatch3.0.0beta3

rubyonrails railsMatch3.0.0beta4

rubyonrails railsMatch3.0.0rc

rubyonrails railsMatch3.0.0rc2

rubyonrails railsMatch3.0.1

rubyonrails railsMatch3.0.1pre

rubyonrails railsMatch3.0.2

rubyonrails railsMatch3.0.2pre

rubyonrails railsMatch3.0.3

rubyonrails railsMatch3.0.4rc1

rubyonrails railsMatch3.0.5

rubyonrails railsMatch3.0.5rc1

rubyonrails railsMatch3.0.6

rubyonrails railsMatch3.0.6rc1

rubyonrails railsMatch3.0.6rc2

rubyonrails railsMatch3.0.7

rubyonrails railsMatch3.0.7rc1

rubyonrails railsMatch3.0.7rc2

rubyonrails railsMatch3.0.8

rubyonrails railsMatch3.0.8rc1

rubyonrails railsMatch3.0.8rc2

rubyonrails railsMatch3.0.8rc3

rubyonrails railsMatch3.0.8rc4

rubyonrails railsMatch3.0.9

rubyonrails railsMatch3.0.9rc1

rubyonrails railsMatch3.0.9rc2

rubyonrails railsMatch3.0.9rc3

rubyonrails railsMatch3.0.9rc4

rubyonrails railsMatch3.0.9rc5

rubyonrails railsMatch3.0.10

rubyonrails railsMatch3.0.10rc1

rubyonrails railsMatch3.0.11

rubyonrails railsMatch3.0.12

rubyonrails railsMatch3.0.12rc1

rubyonrails railsMatch3.0.13

rubyonrails railsMatch3.0.13rc1

rubyonrails railsMatch3.0.14

rubyonrails railsMatch3.0.16

rubyonrails railsMatch3.0.17

rubyonrails railsMatch3.0.18

rubyonrails railsMatch3.0.19

rubyonrails railsMatch3.0.20

rubyonrails ruby_on_railsMatch3.0.4

Node

rubyonrails railsMatch2.3.0

rubyonrails railsMatch2.3.1

rubyonrails railsMatch2.3.2

rubyonrails railsMatch2.3.3

rubyonrails railsMatch2.3.4

rubyonrails railsMatch2.3.9

rubyonrails railsMatch2.3.10

rubyonrails railsMatch2.3.11

rubyonrails railsMatch2.3.12

rubyonrails railsMatch2.3.13

rubyonrails railsMatch2.3.14

rubyonrails railsMatch2.3.15

rubyonrails railsMatch2.3.16

Source	Link
securitytracker	www.securitytracker.com/id
groups	www.groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837
puppet	www.puppet.com/security/cve/cve-2013-0277
osvdb	www.osvdb.org/90073
weblog	www.weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
lists	www.lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
openwall	www.openwall.com/lists/oss-security/2013/02/11/6
secunia	www.secunia.com/advisories/52112
lists	www.lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
support	www.support.apple.com/kb/HT5784

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Feb 2013 01:55Current

7.5High risk

Vulners AI Score7.5

CVSS210

EPSS0.12782