Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-16048CEA19748C5750F6CF3FF14BC41EHistoryJan 30, 2013 - 12:00 a.m.
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
2013-01-3000:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
20
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gem/activesupport | lt | 2.3.16 | |
| gem/activesupport | ge | 2.4.0 | |
| gem/activesupport | lt | 3.0.20 |
Related
seebug
seebug
Ruby on Rails 'convert_json_to_yaml()'ćšćłĺŽĺ
¨ćźć´
2013-01-30 00:00:00
checkpoint_advisories
checkpoint_advisories
nessus
nessus
Fedora 17 : rubygem-activesupport-3.0.11-8.fc17 (2013-1710)
2013-02-11 00:00:00
Fedora 16 : rubygem-activesupport-3.0.10-6.fc16 (2013-1745)
2013-02-11 00:00:00
RHEL 6 : rubygem-activesupport (RHSA-2013:0202)
2018-12-06 00:00:00
debian
debian
[SECURITY] [DSA 2613-1] rails security update
2013-01-30 07:33:38
redhat
redhat
(RHSA-2013:0201) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0202) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
openvas
openvas
Debian Security Advisory DSA 2613-1 (rails - insufficient input validation)
2013-01-29 00:00:00
Debian: Security Advisory (DSA-2613-1)
2013-01-28 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-1710
2013-02-11 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2613-1] rails security update
2013-02-04 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-04 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-03-24 00:00:00
osv
osv
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
cert
cert
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
veracode
veracode
Arbitrary Code Execution, SQL Injection Attacks And Authentication Bypass
2019-01-15 08:54:45
packetstorm
packetstorm
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-01-29 00:00:00
threatpost
threatpost
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
2013-01-29 17:47:51
ubuntucve
ubuntucve
CVE-2013-0333
2013-01-30 00:00:00
cve
cve
CVE-2013-0333
2013-01-30 12:00:00
prion
prion
Sql injection
2013-01-30 12:00:00
debiancve
debiancve
CVE-2013-0333
2013-01-30 12:00:00
github
github
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
rubygems
rubygems
CVE-2013-0333 rubygem-activesupport: json to yaml parsing
2013-01-27 20:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-8.fc17
2013-02-10 04:38:36
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-6.fc16
2013-02-10 04:28:15
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-9.fc17
2013-03-30 21:30:40
suse
suse
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Related for GITLAB-16048CEA19748C5750F6CF3FF14BC41E