10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.099 Low
EPSS
Percentile
94.8%
There is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities.
CPE | Name | Operator | Version |
---|---|---|---|
gem/activerecord | lt | 2.3.17 | |
gem/activerecord | ge | 2.4.0 | |
gem/activerecord | lt | 3.1.0 |