Lucene search
RootSSV:60612HistoryJan 30, 2013 - 12:00 a.m.
Ruby on Rails 'convert_json_to_yaml()'方法安全漏洞
2013-01-3000:00:00
Root
www.seebug.org
26
0.974 High
EPSS
Percentile
99.9%
BUGTRAQ ID: 57575
CVE(CAN) ID: CVE-2013-0333
Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。
Ruby on Rails 3.0.20、2.3.16之前版本在解码YAML输入时,JSON Parser的"convert_json_to_yaml()"方法内存在输入验证错误,可允许执行任意代码。
0
Ruby on Rails 3.x
Ruby on Rails 2.x
厂商补丁:
Ruby on Rails
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
checkpoint_advisories
checkpoint_advisories
nessus
nessus
Fedora 17 : rubygem-activesupport-3.0.11-8.fc17 (2013-1710)
2013-02-11 00:00:00
Fedora 16 : rubygem-activesupport-3.0.10-6.fc16 (2013-1745)
2013-02-11 00:00:00
RHEL 6 : rubygem-activesupport (RHSA-2013:0202)
2018-12-06 00:00:00
debian
debian
[SECURITY] [DSA 2613-1] rails security update
2013-01-30 07:33:38
gitlab
gitlab
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
2013-01-30 00:00:00
redhat
redhat
(RHSA-2013:0201) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0202) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
openvas
openvas
Debian Security Advisory DSA 2613-1 (rails - insufficient input validation)
2013-01-29 00:00:00
Debian: Security Advisory (DSA-2613-1)
2013-01-28 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-1710
2013-02-11 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2613-1] rails security update
2013-02-04 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-04 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-03-24 00:00:00
osv
osv
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
cert
cert
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
veracode
veracode
Arbitrary Code Execution, SQL Injection Attacks And Authentication Bypass
2019-01-15 08:54:45
packetstorm
packetstorm
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-01-29 00:00:00
threatpost
threatpost
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
2013-01-29 17:47:51
ubuntucve
ubuntucve
CVE-2013-0333
2013-01-30 00:00:00
cve
cve
CVE-2013-0333
2013-01-30 12:00:00
prion
prion
Sql injection
2013-01-30 12:00:00
debiancve
debiancve
CVE-2013-0333
2013-01-30 12:00:00
github
github
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
rubygems
rubygems
CVE-2013-0333 rubygem-activesupport: json to yaml parsing
2013-01-27 20:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-8.fc17
2013-02-10 04:38:36
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-6.fc16
2013-02-10 04:28:15
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-9.fc17
2013-03-30 21:30:40
suse
suse
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
Security update for Ruby On Rails (important)
2013-03-19 18:04:46
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00