Execution of arbitrary code
Ruby on Rails JSON Processor YAML Deserialization Code Execution
Vulnerability: Execution of arbitrary code in Ruby on Rails
Danger: High
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2013-0333
Vector of operation: Remote
Impact: System Compromise
Be exploited: PoC code
Affected Products: Ruby on Rails 2.3.x, Ruby on Rails 3.0.x
Affected versions: Ruby on Rails versions prior to 3.0.20 and 2.3.16.
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system. (more…)
