Lucene search
SuseSUSE-SU-2013:0486-1HistoryMar 19, 2013 - 6:04 p.m.
Security update for Ruby On Rails (important)
2013-03-1918:04:46
lists.opensuse.org
40
0.974 High
EPSS
Percentile
99.9%
The Ruby on Rails stack has been updated to 2.3.17 to fix
various security issues and bugs.
The rails gems have been updated to fix:
- Unsafe Query Generation Risk in Ruby on Rails
(CVE-2013-0155) - Multiple vulnerabilities in parameter parsing in
Action Pack (CVE-2013-0156) - activerecord: SQL Injection (CVE-2012-5664)
- rails: Vulnerability in JSON Parser in Ruby on Rails
3.0 and 2.3 (CVE-2013-0333) - activerecord: Circumvention of attr_protected
(CVE-2013-0276) - activerecord: Serialized Attributes YAML
Vulnerability with Rails 2.3 and 3.0 (CVE-2013-0277)
Related
suse
suse
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
openvas
openvas
openSUSE: Security Advisory for ruby (openSUSE-SU-2013:0280-1)
2013-03-11 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2013-2391
2013-02-22 00:00:00
SuSE Update for ruby openSUSE-SU-2013:0280-1 (ruby)
2013-03-11 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17
2013-02-21 05:38:11
[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-2.fc16
2013-01-23 01:34:00
[SECURITY] Fedora 18 Update: rubygem-actionpack-3.2.8-2.fc18
2013-01-20 03:40:48
nessus
nessus
openSUSE Security Update : ruby (openSUSE-SU-2013:0278-1)
2014-06-13 00:00:00
Debian DSA-2620-1 : rails - several vulnerabilities
2013-02-13 00:00:00
Mac OS X : OS X Server < 2.2.1 Multiple Vulnerabilities
2013-02-05 00:00:00
osv
osv
rails - several
2013-02-12 00:00:00
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
debian
debian
[SECURITY] [DSA 2620-1] rails security update
2013-02-12 21:09:50
[SECURITY] [DSA 2597-1] rails security update
2013-01-04 22:11:28
[SECURITY] [DSA 2613-1] rails security update
2013-01-30 07:33:38
securityvulns
securityvulns
[SECURITY] [DSA 2620-1] rails security update
2013-02-18 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-18 00:00:00
[SECURITY] [DSA 2613-1] rails security update
2013-02-04 00:00:00
cert
cert
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
veracode
veracode
threatpost
threatpost
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
2013-01-29 17:47:51
Ruby on Rails Patches DoS, Remote Execution Flaws
2013-02-13 17:51:57
Ruby on Rails Exploit Harvests IRC Botnet
2013-05-28 18:56:05
packetstorm
packetstorm
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-01-29 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
cve
cve
ubuntucve
ubuntucve
ics
ics
prion
prion
Sql injection
2013-01-30 12:00:00
Cross site request forgery (csrf)
2013-02-13 01:55:00
Code injection
2013-02-13 01:55:00
github
github
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
Active Record contains deserialization of arbitrary YAML
2017-10-24 18:33:37
debiancve
debiancve
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-01-08 00:00:00
rubygem-rails -- SQL injection vulnerability
2013-01-02 00:00:00
Ruby Activemodel Gem -- Circumvention of attr_protected
2013-02-11 00:00:00
rubygems
rubygems
CVE-2013-0333 rubygem-activesupport: json to yaml parsing
2013-01-27 20:00:00
gitlab
gitlab
Circumvention of attr_protected
2013-02-12 00:00:00
Circumvention of attr_protected
2013-02-12 00:00:00
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
2013-01-30 00:00:00
seebug
seebug
Ruby on Rails Authlogic gem SQL注入漏洞
2012-12-28 00:00:00
Ruby on Rails 远程安全绕过漏洞(CVE-2013-0276)
2013-03-07 00:00:00
Ruby on Rails 'convert_json_to_yaml()'方法安全漏洞
2013-01-30 00:00:00
checkpoint_advisories
checkpoint_advisories
redhat
redhat
(RHSA-2013:0201) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0202) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0153) Critical: Ruby on Rails security update
2013-01-10 00:00:00
metasploit
metasploit
Ruby on Rails XML Processor YAML Deserialization Scanner
2013-01-09 18:50:38
Ruby on Rails XML Processor YAML Deserialization Code Execution
2013-01-10 05:10:13
Ruby on Rails JSON Processor YAML Deserialization Scanner
2013-02-11 22:48:44
zdt
zdt
Action Pack Multiple Vulnerabilities
2013-01-09 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
kitploit
kitploit
[Nmap v6.40] Free Security Scanner For Network Exploration & Security Audits
2013-08-21 01:33:00
saint
saint
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
thn
thn
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-30 16:53:00
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-31 03:53:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
exploitdb
exploitdb