Sha256: ff9f91543131a0d62c1314614765af41f18bdde7c96b2c5bd099745433788532

Size: 592 Bytes

Versions: 2

Contents

---
url: http://direct.osvdb.org/show/osvdb/90073
title: |
  Ruby on Rails Active Record +serialize+ Helper YAML Attribute Handling Remote
  Code Execution

description: |
  Ruby on Rails contains a flaw in the Active Record +serialize+ helper.
  The issue is triggered when the application lets users directly supply the
  values that the helper stores and later deserializes with YAML.
  By supplying a specially crafted YAML attribute, a remote attacker can cause
  arbitrary YAML to be deserialized and code associated with the resulting
  objects to execute.

cvss_v2: 10.0

patched_versions:
  - ~> 2.3.17
  - ">= 3.1.0"
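The precondition the advisory names is a column declared with +serialize+ whose raw YAML an attacker can write. The following Ruby example is added here for illustration and is not part of the advisory or of Rails; the AuditMarker class and the crafted attribute are constructed stand-ins, not a real gadget. It contrasts unrestricted YAML loading (the behaviour the vulnerable helper relied on) with Psych.safe_load restricted to the classes the column is meant to hold.

```ruby
require "yaml"

# Constructed application class. Unrestricted YAML loading will instantiate it
# from a !ruby/object tag even though the column was never meant to hold it.
class AuditMarker
  attr_reader :note

  def initialize(note = "default")
    @note = note
  end
end

# Constructed attacker-supplied column value: a YAML document tagged with a
# class the application never intended to deserialize from that column.
CRAFTED_ATTRIBUTE = <<~YAML
  --- !ruby/object:AuditMarker
  note: instantiated from attacker-controlled YAML
YAML

# Constructed benign value of the kind a serialized Hash column legitimately holds.
BENIGN_HASH = "---\ntheme: dark\nlocale: en\n"

# Unrestricted loading, as the vulnerable serialize helper performed it.
# Psych 4 (Ruby 3.1+) made Psych.load safe by default and kept the old
# semantics under unsafe_load, so select whichever method is unrestricted here.
def legacy_load(yaml)
  if Psych.respond_to?(:unsafe_load)
    Psych.unsafe_load(yaml)
  else
    Psych.load(yaml)
  end
end

# Hardened loading: only YAML's own scalar/collection types plus the classes the
# column is declared to hold may be instantiated; anything else raises.
def safe_attribute_load(yaml, permitted: [])
  Psych.safe_load(yaml, permitted_classes: permitted, aliases: false)
end

# true when unrestricted loading builds an AuditMarker from the crafted document
def legacy_instantiates_arbitrary_class?
  legacy_load(CRAFTED_ATTRIBUTE).is_a?(AuditMarker)
end

# true when the hardened loader refuses the crafted document outright
def safe_rejects_crafted?
  safe_attribute_load(CRAFTED_ATTRIBUTE)
  false
rescue Psych::DisallowedClass
  true
end

# true when the hardened loader accepts the document once klass is explicitly permitted
def safe_allows_declared?(yaml, klass)
  safe_attribute_load(yaml, permitted: [klass])
  true
rescue Psych::DisallowedClass
  false
end

if $PROGRAM_NAME == __FILE__
  puts "unrestricted load instantiates AuditMarker: #{legacy_instantiates_arbitrary_class?}"
  puts "safe_load rejects crafted attribute:       #{safe_rejects_crafted?}"
  puts "safe_load accepts benign hash:             #{safe_attribute_load(BENIGN_HASH).inspect}"
end
```

The point of the permitted list is that the set of instantiable classes is fixed by the column's declaration rather than by whoever wrote the stored string; an attacker who controls the column can still only produce the declared types.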

Version data entries

2 entries across 2 versions & 1 rubygems

Version               Path
bundler-audit-0.1.1   data/bundler/audit/rails/2013-0277.yml
bundler-audit-0.1.0   data/bundler/audit/rails/2013-0277.yml
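The advisory's patched_versions list is consumed by bundler-audit as a set of RubyGems requirement strings. The Ruby example below is added here and is modeled on that check rather than copied from bundler-audit: a locked gem version is reported vulnerable when it satisfies none of the advisory's patched requirements. The lockfile excerpt is constructed, and the tiny parser and the assumption that this advisory (filed under rails/) applies to the rails gem are this example's own.

```ruby
require "rubygems"

# Requirement strings taken from the advisory's patched_versions above.
PATCHED_VERSIONS = ["~> 2.3.17", ">= 3.1.0"].freeze

# A version is vulnerable when it satisfies none of the patched requirements
# (modeled on bundler-audit's matching; not its code).
def vulnerable?(version, patched = PATCHED_VERSIONS)
  v = Gem::Version.new(version)
  patched.none? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# Constructed Gemfile.lock excerpt: spec lines sit at four spaces of indent,
# their dependencies (such as the activesupport line) at six.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activerecord (3.0.19)
        activesupport (= 3.0.19)
      rails (3.0.19)
LOCK

# Minimal spec-line parser: "    name (version)" -> { name => version }.
# Dependency lines are indented further and therefore skipped.
def locked_versions(lockfile)
  lockfile.scan(/^ {4}(\S+) \(([^)]+)\)$/).to_h
end

# Entries for the named gem whose locked version matches no patched requirement.
def vulnerable_entries(lockfile, gem_name: "rails", patched: PATCHED_VERSIONS)
  locked_versions(lockfile).select do |name, version|
    name == gem_name && vulnerable?(version, patched)
  end
end

if $PROGRAM_NAME == __FILE__
  %w[2.3.16 2.3.18 3.0.19 3.1.0].each do |v|
    puts "rails #{v}: #{vulnerable?(v) ? 'vulnerable' : 'patched'}"
  end
  puts "flagged in lockfile: #{vulnerable_entries(LOCKFILE).inspect}"
end
```

Note that "~> 2.3.17" is satisfied by 2.3.17 and any later 2.3.x release but by nothing in 2.4 or above, so a version such as 3.0.19 falls between the two requirements and is flagged.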