Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-0277
HistoryFeb 13, 2013 - 12:00 a.m.

CVE-2013-0277

2013-02-1300:00:00
ubuntu.com
ubuntu.com
14

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.099 Low

EPSS

Percentile

94.7%

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows
remote attackers to cause a denial of service or execute arbitrary code via
crafted serialized attributes that cause the +serialize+ helper to
deserialize arbitrary YAML.

Notes

Author Note
mdeslaur in Oneiric+, rails package is just for transition

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.099 Low

EPSS

Percentile

94.7%

Related for UB:CVE-2013-0277