Sha256: baeed9408a71c8421865f6d688bc80562b1939fe091233bc85d43361ef67b78a

Size: 710 Bytes

Versions: 2

Contents

---
url: http://osvdb.org/show/osvdb/89594
title: |
  Ruby on Rails JSON Parser Crafted Payload YAML Subset Decoding Remote Code
  Execution 

description: |
  Ruby on Rails contains a flaw in its JSON parser. Rails supports multiple
  JSON parsing backends, one of which converts the JSON text into YAML and
  hands the result to the YAML parser. With a specially crafted payload, a
  remote attacker can make that backend decode a subset of YAML instead of
  plain JSON, producing values the application never expected from a JSON
  document. Depending on how the application uses the parsed data, this may
  allow the attacker to bypass authentication, inject arbitrary SQL, inject
  and execute arbitrary code, or cause a denial of service in a Rails
  application.

cvss_v2: 9.3

patched_versions:
  - ~> 2.3.16
  - ">= 3.0.20"
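The following is an added example, not part of the advisory file or of bundler-audit's own code, showing how a record like the one above is consumed: the advisory is loaded with Psych's restricted loader (the advisory holds only strings, a float and an array, so a full YAML loader is neither needed nor wise given what the advisory itself describes), and each `patched_versions` entry is evaluated against the Rails version pinned in a constructed Gemfile.lock fragment. The constants `ADVISORY_YAML` and `LOCKFILE` are constructed input, and `lockfile_versions`, `patched?` and `affected_gems` are names chosen for this example.

```ruby
require 'yaml'
require 'rubygems' # Gem::Version and Gem::Requirement (standard library)

# Constructed copy of the advisory record shown above (description omitted);
# in a real run this would be read from data/bundler/audit/rails/2013-0333.yml.
ADVISORY_YAML = <<~YAML
  ---
  url: http://osvdb.org/show/osvdb/89594
  title: |
    Ruby on Rails JSON Parser Crafted Payload YAML Subset Decoding Remote Code
    Execution
  cvss_v2: 9.3
  patched_versions:
    - ~> 2.3.16
    - ">= 3.0.20"
YAML

# Constructed Gemfile.lock fragment for an application pinned to a Rails
# release below both patched ranges. Gem lines sit at four spaces, their
# dependencies at six, which is what the regex below relies on.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.2.5)
      rails (3.0.19)
        activesupport (= 3.0.19)
      rake (0.9.2.2)
LOCK

# Restricted loader: only the basic scalar/collection types are allowed, so a
# tampered advisory cannot instantiate arbitrary Ruby objects on load.
ADVISORY = YAML.safe_load(ADVISORY_YAML)

# Map each gem in the lockfile's specs section to its resolved version.
def lockfile_versions(lockfile)
  lockfile.scan(/^ {4}([A-Za-z0-9_.-]+) \(([^)]+)\)$/).to_h
end

# A version is patched when it satisfies at least one patched_versions
# requirement. Gem::Requirement understands the same operators as a Gemfile,
# so "~> 2.3.16" means >= 2.3.16 and < 2.4, and Gem::Version compares
# numerically (3.0.20 > 3.0.9), which a plain string comparison gets wrong.
def patched?(advisory, version)
  v = Gem::Version.new(version)
  advisory.fetch('patched_versions').any? do |req|
    Gem::Requirement.new(req).satisfied_by?(v)
  end
end

# Names of gems in +lockfile+ that match +gem_name+ and are not patched.
def affected_gems(advisory, gem_name, lockfile)
  lockfile_versions(lockfile).select do |name, version|
    name == gem_name && !patched?(advisory, version)
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  affected_gems(ADVISORY, 'rails', LOCKFILE).each do |name|
    puts "#{name} #{lockfile_versions(LOCKFILE)[name]}: #{ADVISORY['title'].strip}"
    puts "  fix: upgrade to #{ADVISORY['patched_versions'].join(' or ')}"
  end
end
```

Two details of the record are worth noticing while reading it this way. The second requirement is quoted because an unquoted `>` at the start of a YAML scalar would begin a folded block scalar, whereas `~> 2.3.16` is a plain string and needs no quoting. And because the record lists patched ranges only, any version satisfying `>= 3.0.20`, including the Rails 3.1 and 3.2 series, is reported as not affected.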

Version data entries

2 entries across 2 versions & 1 rubygem

Version              Path
bundler-audit-0.1.1  data/bundler/audit/rails/2013-0333.yml
bundler-audit-0.1.0  data/bundler/audit/rails/2013-0333.yml