Lucene search
GoogleOSV:DSA-2620-1HistoryFeb 12, 2013 - 12:00 a.m.
rails - several
2013-02-1200:00:00
Google
osv.dev
13
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.099 Low
EPSS
Percentile
94.0%
Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework
for web application development.
- CVE-2013-0276
The blacklist provided by the attr_protected method could be
bypassed with crafted requests, having an application-specific
impact. - CVE-2013-0277
In some applications, the +serialize+ helper in ActiveRecord
could be tricked into deserializing arbitrary YAML data,
possibly leading to remote code execution.
For the stable distribution (squeeze), these problems have been fixed
in version 2.3.5-1.2+squeeze7.
We recommend that you upgrade your rails packages.
References
Related
nessus
nessus
Debian DSA-2620-1 : rails - several vulnerabilities
2013-02-13 00:00:00
Fedora 17 : rubygem-activemodel-3.0.11-3.fc17 (2013-2391)
2013-02-21 00:00:00
openvas
openvas
Debian Security Advisory DSA 2620-1 (rails - several vulnerabilities)
2013-02-12 00:00:00
Debian Security Advisory DSA 2620-1 (rails - several vulnerabilities)
2013-02-12 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2013-2398
2013-02-22 00:00:00
debian
debian
[SECURITY] [DSA 2620-1] rails security update
2013-02-12 21:09:50
securityvulns
securityvulns
[SECURITY] [DSA 2620-1] rails security update
2013-02-18 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-18 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
threatpost
threatpost
Ruby on Rails Patches DoS, Remote Execution Flaws
2013-02-13 17:51:57
github
github
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
Active Record contains deserialization of arbitrary YAML
2017-10-24 18:33:37
osv
osv
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
Active Record contains deserialization of arbitrary YAML
2017-10-24 18:33:37
gitlab
gitlab
Circumvention of attr_protected
2013-02-12 00:00:00
Circumvention of attr_protected
2013-02-12 00:00:00
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
2013-02-12 00:00:00
debiancve
debiancve
CVE-2013-0276
2013-02-13 01:55:00
CVE-2013-0277
2013-02-13 01:55:00
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activemodel-3.2.8-2.fc18
2013-02-21 05:37:58
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17
2013-02-21 05:38:11
[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-6.fc17
2013-02-21 05:33:12
seebug
seebug
Ruby on Rails 远程安全绕过漏洞(CVE-2013-0276)
2013-03-07 00:00:00
Ruby on Rails 远程代码执行漏洞(CVE-2013-0277)
2013-03-07 00:00:00
prion
prion
Cross site request forgery (csrf)
2013-02-13 01:55:00
Code injection
2013-02-13 01:55:00
freebsd
freebsd
Ruby Activemodel Gem -- Circumvention of attr_protected
2013-02-11 00:00:00
ubuntucve
ubuntucve
CVE-2013-0276
2013-02-13 00:00:00
CVE-2013-0277
2013-02-13 00:00:00
cve
cve
CVE-2013-0276
2013-02-13 01:55:00
CVE-2013-0277
2013-02-13 01:55:00
suse
suse
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
Security update for Ruby On Rails (important)
2013-03-19 18:04:46
rubygems
rubygems
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:44:25
Input Validation Bypass
2019-05-02 04:44:16
redhat
redhat
(RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update
2013-03-26 00:00:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.099 Low
EPSS
Percentile
94.0%
Related for OSV:DSA-2620-1