Sha256: b68d47bb438d3ae2ff67406b871dd0f5bf22f15be559a10b91dc142485d67dfb

Contents?: true

Size: 579 Bytes

Versions: 14

Compression:

Stored size: 579 Bytes

Contents

--- 
gem: actionpack
framework: rails
cve: 2013-0156
osvdb: 89026
url: http://osvdb.org/show/osvdb/89026
title:
  Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing
  Remote Code Execution 
date: 2013-01-08

description: |
  Ruby on Rails contains a flaw in params_parser.rb of the Action Pack.
  The issue is triggered when a type casting error occurs during the parsing
  of parameters. This may allow a remote attacker to potentially execute
  arbitrary code.

cvss_v2: 10.0

patched_versions: 
  - ~> 2.3.15
  - ~> 3.0.19
  - ~> 3.1.10
  - ">= 3.2.11"

Version data entries

14 entries across 14 versions & 3 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
bundler-audit-0.4.0 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml