Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-1800
HistoryApr 09, 2013 - 12:00 a.m.

CVE-2013-1800

2013-04-0900:00:00
ubuntu.com
ubuntu.com
23

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.3%

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts
of string values, which might allow remote attackers to conduct
object-injection attacks and execute arbitrary code, or cause a denial of
service (memory and CPU consumption) by leveraging Action Pack support for
(1) YAML type conversion or (2) Symbol type conversion, a similar
vulnerability to CVE-2013-0156.

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.3%