ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows
remote attackers to cause a denial of service or execute arbitrary code via crafted
serialized attributes that cause the +serialize+ helper to deserialize arbitrary
YAML.

CPENameOperatorVersion
activerecordle2.3.16
activerecordge2.4.0
activerecordlt3.1.0

Name	Operator	Version
activerecord	le	2.3.16
activerecord	ge	2.4.0
activerecord	lt	3.1.0

References

nvd.nist.gov/vuln/detail/CVE-2013-0277

github 1

seebug 1

cve 1

ubuntucve 1

debiancve 1

nessus 5

prion 1

osv 2

gitlab 1

openvas 6

debian 1

securityvulns 4

threatpost 1

fedora 1

suse 2

gentoo 1

github

Active Record contains deserialization of arbitrary YAML

2017-10-24 18:33:37

seebug

Ruby on Rails 远程代码执行漏洞(CVE-2013-0277)

2013-03-07 00:00:00

cve

CVE-2013-0277

2013-02-13 01:55:00

ubuntucve

CVE-2013-0277

2013-02-13 00:00:00

debiancve

CVE-2013-0277

2013-02-13 01:55:00

nessus

Fedora 17 : rubygem-activerecord-3.0.11-6.fc17 (2013-2351)

2013-02-21 00:00:00

Debian DSA-2620-1 : rails - several vulnerabilities

2013-02-13 00:00:00

openSUSE Security Update : RubyOnRails (openSUSE-SU-2013:0338-1)

2014-06-13 00:00:00

prion

Code injection

2013-02-13 01:55:00

osv

Active Record contains deserialization of arbitrary YAML

2017-10-24 18:33:37

rails - several

2013-02-12 00:00:00

gitlab

Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0

2013-02-12 00:00:00

openvas

Debian Security Advisory DSA 2620-1 (rails - several vulnerabilities)

2013-02-12 00:00:00

Debian Security Advisory DSA 2620-1 (rails - several vulnerabilities)

2013-02-12 00:00:00

Fedora Update for rubygem-activerecord FEDORA-2013-2351

2013-02-22 00:00:00

debian

[SECURITY] [DSA 2620-1] rails security update

2013-02-12 21:09:50

securityvulns

[SECURITY] [DSA 2620-1] rails security update

2013-02-18 00:00:00

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

2013-02-18 00:00:00

Apple Mac OS X multiple security vulnerabilities

2013-06-17 00:00:00

threatpost

Ruby on Rails Patches DoS, Remote Execution Flaws

2013-02-13 17:51:57

fedora

[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-6.fc17

2013-02-21 05:33:12

suse

Security update for Ruby On Rails (important)

2013-03-19 18:04:46

Security update for Ruby on Rails (important)

2013-04-03 20:06:19

gentoo

Ruby on Rails: Multiple vulnerabilities

2014-12-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for RUBY:ACTIVERECORD-2013-0277-90073