Posts Tagged ‘code execution’

Vulnerability

Execution of arbitrary code

Ruby on Rails JSON Processor YAML Deserialization Code Execution

Vulnerability: Execution of arbitrary code in Ruby on Rails

Danger: High
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2013-0333
Vector of operation: Remote
Impact: System Compromise

Be exploited: PoC code
Affected Products: Ruby on Rails 2.3.x, Ruby on Rails 3.0.x

Affected versions: Ruby on Rails versions prior to 3.0.20 and 2.3.16.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system. (more…)