Remote Code Execution (RCE)
Overview activerecord is a library for databases on Rails. Affected versions of this package are vulnerable to Remote Code Execution RCE. When serialized columns that use YAML the default are deserialized, Rails uses YAML.unsafeload to convert the YAML data in to Ruby objects. If an attacker can...