Description
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
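The following Ruby example is added here and is not from the original page or the Rails project. It shows a column coder that parses serialized YAML with `YAML.safe_load`, so documents carrying object tags are rejected instead of instantiated. The class name `SafeYamlColumn`, the helper `rejected?`, the sample documents and the Ruby 2.6+ keyword form of `safe_load` are assumptions; Rails releases that accept a custom coder in `serialize` call its `load` and `dump` methods.

```ruby
require "yaml"

# Hypothetical coder (name is an assumption, not a Rails class).
# Only plain scalars, arrays and hashes are ever built from column data.
class SafeYamlColumn
  class UnsafePayload < StandardError; end

  def initialize(expected = Hash)
    @expected = expected
  end

  def dump(value)
    YAML.dump(value)
  end

  def load(raw)
    return @expected.new if raw.nil? || raw.strip.empty?

    # No permitted classes, no symbols, no aliases: tagged nodes such as
    # "!ruby/object:..." raise Psych::DisallowedClass before any object exists.
    value = YAML.safe_load(raw, permitted_classes: [], permitted_symbols: [], aliases: false)

    # A well-formed document of the wrong shape is rejected as well.
    raise UnsafePayload, "expected #{@expected}, got #{value.class}" unless value.is_a?(@expected)
    value
  rescue Psych::DisallowedClass, Psych::BadAlias => e
    raise UnsafePayload, e.message
  end
end

# Constructed sample column values (not taken from the page).
PLAIN  = "---\ntheme: dark\nitems:\n- 1\n- 2\n"
TAGGED = "--- !ruby/object:OpenStruct\ntable:\n  admin: true\n"
SCALAR = "--- just a string\n"

# True when the coder refuses the raw column value.
def rejected?(coder, raw)
  coder.load(raw)
  false
rescue SafeYamlColumn::UnsafePayload
  true
end

coder = SafeYamlColumn.new(Hash)
puts coder.load(PLAIN).inspect
puts "tagged document rejected: #{rejected?(coder, TAGGED)}"
puts "scalar document rejected: #{rejected?(coder, SCALAR)}"
```

Hashes with symbol keys are rejected by this coder as written, because `Symbol` is not in the permitted list.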
Remediation
References