Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-0333HistoryJan 30, 2013 - 12:00 p.m.
CVE-2013-0333
2013-01-3012:00:00
Debian Security Bug Tracker
security-tracker.debian.org
31
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | rails | <Â 2.3.14.1 | rails_2.3.14.1_all.deb |
| Debian | 11 | all | rails | <Â 2.3.14.1 | rails_2.3.14.1_all.deb |
| Debian | 10 | all | rails | <Â 2.3.14.1 | rails_2.3.14.1_all.deb |
| Debian | 999 | all | rails | <Â 2.3.14.1 | rails_2.3.14.1_all.deb |
| Debian | 13 | all | rails | <Â 2.3.14.1 | rails_2.3.14.1_all.deb |
Related
osv
osv
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
rails - insufficient input validation
2013-01-09 00:00:00
cert
cert
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
nessus
nessus
Mac OS X : OS X Server < 2.2.1 Multiple Vulnerabilities
2013-02-05 00:00:00
Fedora 17 : rubygem-activesupport-3.0.11-8.fc17 (2013-1710)
2013-02-11 00:00:00
Fedora 16 : rubygem-activesupport-3.0.10-6.fc16 (2013-1745)
2013-02-11 00:00:00
ubuntucve
ubuntucve
cve
cve
veracode
veracode
packetstorm
packetstorm
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-01-29 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
threatpost
threatpost
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
2013-01-29 17:47:51
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
2013-01-10 15:01:40
Ruby on Rails Exploit Harvests IRC Botnet
2013-05-28 18:56:05
prion
prion
github
github
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
nori contains Improper Input Validation
2017-10-24 18:33:37
rubygems
rubygems
CVE-2013-0333 rubygem-activesupport: json to yaml parsing
2013-01-27 20:00:00
Ruby Gem nori Parameter Parsing Remote Code Execution
2013-01-09 20:00:00
openvas
openvas
Fedora Update for rubygem-activesupport FEDORA-2013-1710
2013-02-11 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-1710
2013-02-11 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-4130
2013-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-8.fc17
2013-02-10 04:38:36
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-6.fc16
2013-02-10 04:28:15
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-9.fc17
2013-03-30 21:30:40
suse
suse
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
checkpoint_advisories
checkpoint_advisories
debian
debian
[SECURITY] [DSA 2613-1] rails security update
2013-01-30 07:33:38
[SECURITY] [DLA 172-1] libextlib-ruby security update
2015-03-14 19:01:22
[SECURITY] [DSA 2604-1] rails security update
2013-01-09 19:17:20
seebug
seebug
Ruby on Rails 'convert_json_to_yaml()'ćšćłĺŽĺ
¨ćźć´
2013-01-30 00:00:00
Ruby on Rails XML Processor YAML Deserialization Code Execution
2014-07-01 00:00:00
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-02-03 00:00:00
gitlab
gitlab
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
2013-01-30 00:00:00
Multiple vulnerabilities in parameter parsing in Action Pack
2013-01-13 00:00:00
redhat
redhat
(RHSA-2013:0201) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0202) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0153) Critical: Ruby on Rails security update
2013-01-10 00:00:00
metasploit
metasploit
Ruby on Rails XML Processor YAML Deserialization Scanner
2013-01-09 18:50:38
Ruby on Rails JSON Processor YAML Deserialization Scanner
2013-02-11 22:48:44
Ruby on Rails XML Processor YAML Deserialization Code Execution
2013-01-10 05:10:13
saint
saint
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2613-1] rails security update
2013-02-04 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-04 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-03-24 00:00:00
thn
thn
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-31 03:53:00
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-30 16:53:00
debiancve
debiancve
zdt
zdt
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
Action Pack Multiple Vulnerabilities
2013-01-09 00:00:00
kitploit
kitploit
exploitdb
exploitdb
ics
ics
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-01-08 00:00:00
puppet27 and puppet -- multiple vulnerabilities
2013-03-13 00:00:00
nmap
nmap
http-vuln-cve2013-0156 NSE Script
2013-04-25 03:15:33
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Related for DEBIANCVE:CVE-2013-0333