Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2013-0277
HistoryFeb 13, 2013 - 1:55 a.m.

CVE-2013-0277

2013-02-1301:55:00
Debian Security Bug Tracker
security-tracker.debian.org
17

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.099 Low

EPSS

Percentile

94.7%

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.099 Low

EPSS

Percentile

94.7%

Related for DEBIANCVE:CVE-2013-0277