Lucene search

K
cve[email protected]CVE-2013-0277
HistoryFeb 13, 2013 - 1:55 a.m.

CVE-2013-0277

2013-02-1301:55:00
NVD-CWE-noinfo
web.nvd.nist.gov
82
cve-2013-0277
activerecord
ruby on rails
remote attack
denial of service
arbitrary code execution
serialized attributes
yaml
nvd

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.099 Low

EPSS

Percentile

94.7%

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.099 Low

EPSS

Percentile

94.7%