10
CVE-2013-0277
- EPSS 7.5%
- Veröffentlicht 13.02.2013 01:55:05
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rubyonrails ≫ Rails Version3.0.0
Rubyonrails ≫ Rails Version3.0.0 Updatebeta
Rubyonrails ≫ Rails Version3.0.0 Updatebeta2
Rubyonrails ≫ Rails Version3.0.0 Updatebeta3
Rubyonrails ≫ Rails Version3.0.0 Updatebeta4
Rubyonrails ≫ Rails Version3.0.0 Updaterc
Rubyonrails ≫ Rails Version3.0.0 Updaterc2
Rubyonrails ≫ Rails Version3.0.1
Rubyonrails ≫ Rails Version3.0.1 Updatepre
Rubyonrails ≫ Rails Version3.0.2
Rubyonrails ≫ Rails Version3.0.2 Updatepre
Rubyonrails ≫ Rails Version3.0.3
Rubyonrails ≫ Rails Version3.0.4 Updaterc1
Rubyonrails ≫ Rails Version3.0.5
Rubyonrails ≫ Rails Version3.0.5 Updaterc1
Rubyonrails ≫ Rails Version3.0.6
Rubyonrails ≫ Rails Version3.0.6 Updaterc1
Rubyonrails ≫ Rails Version3.0.6 Updaterc2
Rubyonrails ≫ Rails Version3.0.7
Rubyonrails ≫ Rails Version3.0.7 Updaterc1
Rubyonrails ≫ Rails Version3.0.7 Updaterc2
Rubyonrails ≫ Rails Version3.0.8
Rubyonrails ≫ Rails Version3.0.8 Updaterc1
Rubyonrails ≫ Rails Version3.0.8 Updaterc2
Rubyonrails ≫ Rails Version3.0.8 Updaterc3
Rubyonrails ≫ Rails Version3.0.8 Updaterc4
Rubyonrails ≫ Rails Version3.0.9
Rubyonrails ≫ Rails Version3.0.9 Updaterc1
Rubyonrails ≫ Rails Version3.0.9 Updaterc2
Rubyonrails ≫ Rails Version3.0.9 Updaterc3
Rubyonrails ≫ Rails Version3.0.9 Updaterc4
Rubyonrails ≫ Rails Version3.0.9 Updaterc5
Rubyonrails ≫ Rails Version3.0.10
Rubyonrails ≫ Rails Version3.0.10 Updaterc1
Rubyonrails ≫ Rails Version3.0.11
Rubyonrails ≫ Rails Version3.0.12
Rubyonrails ≫ Rails Version3.0.12 Updaterc1
Rubyonrails ≫ Rails Version3.0.13
Rubyonrails ≫ Rails Version3.0.13 Updaterc1
Rubyonrails ≫ Rails Version3.0.14
Rubyonrails ≫ Rails Version3.0.16
Rubyonrails ≫ Rails Version3.0.17
Rubyonrails ≫ Rails Version3.0.18
Rubyonrails ≫ Rails Version3.0.19
Rubyonrails ≫ Rails Version3.0.20
Rubyonrails ≫ Ruby On Rails Version3.0.4
Rubyonrails ≫ Rails Version2.3.0
Rubyonrails ≫ Rails Version2.3.1
Rubyonrails ≫ Rails Version2.3.2
Rubyonrails ≫ Rails Version2.3.3
Rubyonrails ≫ Rails Version2.3.4
Rubyonrails ≫ Rails Version2.3.9
Rubyonrails ≫ Rails Version2.3.10
Rubyonrails ≫ Rails Version2.3.11
Rubyonrails ≫ Rails Version2.3.12
Rubyonrails ≫ Rails Version2.3.13
Rubyonrails ≫ Rails Version2.3.14
Rubyonrails ≫ Rails Version2.3.15
Rubyonrails ≫ Rails Version2.3.16
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.5% | 0.937 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://support.apple.com/kb/HT5784
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
http://secunia.com/advisories/52112
http://www.debian.org/security/2013/dsa-2620
http://securitytracker.com/id?1028109
http://www.openwall.com/lists/oss-security/2013/02/11/6
http://www.osvdb.org/90073
https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain
https://puppet.com/security/cve/cve-2013-0277