Sha256: 1103ec4712e3fba45e5d8a798c1ce7c2ebd875d8fe8eb9add8714a033fc03121

Contents?: true

Size: 625 Bytes

Versions: 1

Compression:

Stored size: 625 Bytes

Contents

--- 
gem: activerecord
cve: 2013-0277
url: http://direct.osvdb.org/show/osvdb/90073
title:
  Ruby on Rails Active Record +serialize+ Helper YAML Attribute Handling Remote
  Code Execution 

description: |
  Ruby on Rails contains a flaw in the +serialize+ helper in the Active Record.
  The issue is triggered when the system is configured to allow users to
  directly provide values to be serialized and deserialized using YAML.
  With a specially crafted YAML attribute, a remote attacker can deserialize
  arbitrary YAML and execute code associated with it.

cvss_v2: 10.0

patched_versions: 
  - ~> 2.3.17
  - ">= 3.1.0"

Version data entries

1 entry across 1 version & 1 rubygem

Version              Path
bundler-audit-0.1.2  data/ruby-advisory-db/gems/activerecord/2013-0277.yml