CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

7.5CVSS7.5AI score0.91907EPSS

Exploits21References12

OSV•added 2013/04/09 8:55 p.m.•1 views

UBUNTU-CVE-2013-0285

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

7.5CVSS6.1AI score0.015EPSS

Exploits21References2

Debian CVE•added 2013/04/09 8:0 p.m.•45 views

CVE-2013-1802

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...

7.5CVSS6.9AI score0.01686EPSS

Exploits1

Prion•added 2013/01/30 12:0 p.m.•37 views

Sql injection

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

7.5CVSS8.7AI score0.91907EPSS

Exploits22References11Affected Software2

Debian CVE•added 2013/01/30 11:0 a.m.•50 views

CVE-2013-0333

7.5CVSS10.3AI score0.91761EPSS

Exploits7

OSV•added 2013/01/13 10:55 p.m.•10 views

CVE-2013-0156

7.5CVSS7.5AI score0.91907EPSS

Exploits21References17