3 matches found
CVE-2013-0285
The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...
CVE-2013-0285
The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...
CVE-2013-0285
The CVE-2013-0285 entry concerns the nori gem for Ruby. Affected versions: nori 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3. Root cause: improper restriction of casts for string values during YAML type conversion or Symbol type conversion, enabling remote object-injection attac...