Sha256: 7c797537d84770608d708e8ca095e2b7699c63f560d0c2564e6ea1e86f9cfa9b

Contents?: true

Size: 672 Bytes

Versions: 9

Compression:

Stored size: 672 Bytes

Contents

--- 
gem: activerecord
framework: rails
cve: 2013-0277
osvdb: 90073
url: http://direct.osvdb.org/show/osvdb/90073
title:
  Ruby on Rails Active Record +serialize+ Helper YAML Attribute Handling Remote
  Code Execution 
date: 2013-02-11

description: |
  Ruby on Rails contains a flaw in the +serialize+ helper in the Active Record.
  The issue is triggered when the system is configured to allow users to
  directly provide values to be serialized and deserialized using YAML.
  With a specially crafted YAML attribute, a remote attacker can deserialize
  arbitrary YAML and execute code associated with it.

cvss_v2: 10.0

patched_versions: 
  - ~> 2.3.17
  - ">= 3.1.0"

Version data entries

9 entries across 9 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml