CVE-2013-0285

🗓️ 22 May 2025 04:44:30Reported by redhat.comType

redhatcve

redhatcve🔗 access.redhat.com👁 7 Views

CVE-2013-0285 in nori gem allows remote code execution and denial of service via object-injection attacks.

Reporter	Title	Published	Views	Family All 153
0day.today	Action Pack Multiple Vulnerabilities	9 Jan 201300:00	–	zdt
0day.today	Ruby On Rails XML Processor YAML Deserialization Code Execution	11 Jan 201300:00	–	zdt
0day.today	Ruby on Rails JSON Processor YAML Deserialization Code Execution	29 Jan 201300:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)	25 Jan 202120:13	–	ibm
GithubExploit	Exploit for Improper Input Validation in Rubyonrails Rails	28 Aug 202522:15	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Rubyonrails Rails	12 Jan 201313:37	–	githubexploit
Tenable Nessus	Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)	16 Mar 201300:00	–	nessus
Tenable Nessus	Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)	16 Mar 201300:00	–	nessus
Tenable Nessus	Debian DLA-172-1 : libextlib-ruby security update	26 Mar 201500:00	–	nessus
Tenable Nessus	Debian DSA-2604-1 : rails - insufficient input validation	10 Jan 201300:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord

13 Oct 2025 15:47Current

8.1High risk

Vulners AI Score8.1

CVSS 27.5

EPSS0.91907

cve-2013-0285 nori gem object-injection attack arbitrary code execution denial of service