CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.973 High (Percentile: 99.9%)
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not restrict which type casts a client-supplied XML "type" attribute may select. Because Action Pack parses XML request bodies with this code, an unauthenticated remote attacker can have string values cast through (1) the YAML type conversion, which loads attacker-controlled YAML and so allows object injection and arbitrary code execution, or (2) the Symbol type conversion, and can also cause a denial of service (memory and CPU consumption) with nested XML entity references.
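The mechanism behind the description above, as an added example that is not code from the Rails project or from this advisory: a type-cast table modelled on the one the affected ActiveSupport versions used, a constructed XML request body, and the same table with the YAML and Symbol casts removed. The names VULNERABLE_PARSING, HARDENED_PARSING, params_from_xml and dangerous_casts are this example's own; the YAML payload is deliberately benign so the script runs on a current Ruby, where YAML.load no longer instantiates arbitrary classes.

```ruby
require "rexml/document"
require "yaml"

# Type-cast table modelled on ActiveSupport::XmlMini::PARSING in the affected
# releases (names simplified for this example): the "type" attribute on an
# XML parameter element picks the Proc that turns the element text into a
# Ruby object, and the attacker controls that attribute.
VULNERABLE_PARSING = {
  "integer" => proc { |s| s.to_i },
  "boolean" => proc { |s| %w[1 true].include?(s.strip) },
  "string"  => proc { |s| s.to_s },
  # The two casts the advisory is about. On the affected versions YAML.load
  # was an unrestricted Psych.load, so a "!ruby/object:" tag here instantiated
  # any class in the application; Symbols were never garbage-collected on the
  # Ruby of the day (before 2.2), so attacker-chosen symbols piled up in memory.
  "yaml"    => proc { |s| YAML.load(s) },
  "symbol"  => proc { |s| s.to_sym },
}.freeze

# The advisory's workaround applied to the table: remove the two conversions so
# a client-supplied type attribute can no longer change the object's class.
HARDENED_PARSING = VULNERABLE_PARSING.reject { |name, _| %w[yaml symbol].include?(name) }.freeze

# Stand-in for Hash.from_xml, reduced to one level of <params><k type="t">v</k></params>.
# Elements whose type has no entry in the table stay plain Strings.
def params_from_xml(xml, parsing)
  params = {}
  REXML::Document.new(xml).root.each_element do |el|
    caster = parsing[el.attributes["type"]]
    text   = el.text.to_s
    params[el.name] = caster ? caster.call(text) : text
  end
  params
end

# Constructed request body (not from the advisory). The point is that the
# client, not the application, decides what Ruby object each parameter becomes.
ATTACKER_XML = <<~XML
  <params>
    <id type="integer">42</id>
    <role type="symbol">admin</role>
    <config type="yaml">{owner: alice, flags: [1, 2]}</config>
  </params>
XML

def vulnerable_params
  params_from_xml(ATTACKER_XML, VULNERABLE_PARSING)
end

def hardened_params
  params_from_xml(ATTACKER_XML, HARDENED_PARSING)
end

# Audit helper: which of the dangerous casts does a parsing table still carry?
def dangerous_casts(parsing)
  parsing.keys & %w[yaml symbol]
end

if $PROGRAM_NAME == __FILE__
  p vulnerable_params   # {"id"=>42, "role"=>:admin, "config"=>{"owner"=>"alice", "flags"=>[1, 2]}}
  p hardened_params     # {"id"=>42, "role"=>"admin", "config"=>"{owner: alice, flags: [1, 2]}"}
  p dangerous_casts(VULNERABLE_PARSING)  # ["yaml", "symbol"]
  p dangerous_casts(HARDENED_PARSING)    # []
end
```

In a real application on the affected versions the same effect came from the workaround published with the advisory, placed in an initializer: ActiveSupport::XmlMini::PARSING.delete("symbol") and ActiveSupport::XmlMini::PARSING.delete("yaml"), or from disabling XML parameter parsing altogether. That only closes the cast path; upgrading to the fixed releases listed above is the actual remedy, and the nested-entity denial of service is a separate parser-level issue that the table change does not address.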
Author | Note |
---|---|
mdeslaur | in Oneiric+, rails package is just for transition |
jdstrand | authentication bypass actively being exploited per Debian, on Ubuntu 11.10+, vulnerability is in ruby-activesupport* for rails |
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | libextlib-ruby | < 0.9.13-2+deb6u1build0.12.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | ruby-activesupport-2.3 | < 2.3.14-2ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | ruby-activesupport-2.3 | < 2.3.14-2ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | ruby-activesupport-2.3 | < 2.3.14-4ubuntu0.1 | UNKNOWN |
ubuntu | 12.10 | noarch | ruby-activesupport-3.2 | < 3.2.6-4ubuntu0.1 | UNKNOWN |
ubuntu | 12.10 | noarch | ruby-extlib | < 0.9.15-2ubuntu0.1 | UNKNOWN |