--- 
gem: actionpack
framework: rails
cve: 2013-0156
osvdb: 89026
url: https://nvd.nist.gov/vuln/detail/CVE-2013-0156
title:
  Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing
  Remote Code Execution 
date: 2013-01-08

description: |
  Ruby on Rails contains a flaw in params_parser.rb of the Action Pack.
  The issue is triggered when a type casting error occurs during the parsing
  of parameters. This may allow a remote attacker to potentially execute
  arbitrary code.

cvss_v2: 10.0

patched_versions: 
  - ~> 2.3.15
  - ~> 3.0.19
  - ~> 3.1.10
  - ">= 3.2.11"