Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2013-0156
Description:active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Test IDs:  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2013-0156
CERT/CC vulnerability note: VU#380039
CERT/CC vulnerability note: VU#628463
Debian Security Information: DSA-2604 (Google Search)
RedHat Security Advisories: RHSA-2013:0153
RedHat Security Advisories: RHSA-2013:0154
RedHat Security Advisories: RHSA-2013:0155

© 1998-2021 E-Soft Inc. All rights reserved.