Sha256: b4a92c347e881768dfaead20d5d089036214be875ca9f8a85740bbd7ec45927e

Contents?: true

Size: 682 Bytes

Versions: 1

Compression:

Stored size: 682 Bytes

Contents

--- 
gem: activerecord
framework: rails
cve: 2013-0277
osvdb: 90073
url: https://nvd.nist.gov/vuln/detail/CVE-2013-0277
title: |
  Ruby on Rails Active Record +serialize+ Helper YAML Attribute Handling Remote
  Code Execution 
date: 2013-02-11

description: |
  Ruby on Rails contains a flaw in the +serialize+ helper in the Active Record.
  The issue is triggered when the system is configured to allow users to
  directly provide values to be serialized and deserialized using YAML.
  With a specially crafted YAML attribute, a remote attacker can deserialize
  arbitrary YAML and execute code associated with it.

cvss_v2: 10.0

patched_versions: 
  - "~> 2.3.17"
  - ">= 3.1.0"

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/activerecord/CVE-2013-0277.yml