Description

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.

Remediation

References

CVE-2013-0277

Related Vulnerabilities

Moodle Other Vulnerability (CVE-2006-4940)

WordPress Plugin WP Support Plus Responsive Ticket System Multiple Vulnerabilities (4.1)

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16619)

WordPress Plugin Related Posts Cross-Site Request Forgery (2.7.1)

LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16397)

Severity

Critical

Classification

CVE-2013-0277

Tags

Missing Update Known Vulnerabilities