CVE-2013-0175

multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/01/11/9
https://gist.github.com/nate/d7f6d9f4925f413621aa
https://github.com/sferik/multi_xml/pull/34
https://groups.google.com/forum/?fromgroups=#%21topic/ruby-grape/fthDkMgIOa0
https://news.ycombinator.com/item?id=5040457

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:erik_michaels-ober:multi_xml:0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:erik_michaels-ober:multi_xml:0.5.2:::::::*
	cpe:2.3:a:grape_project:grape:0.1.0:::::::*
	cpe:2.3:a:grape_project:grape:0.1.1:::::::*
	cpe:2.3:a:grape_project:grape:0.1.2:::::::*
	cpe:2.3:a:grape_project:grape:0.1.3:::::::*
	cpe:2.3:a:grape_project:grape:0.1.4:::::::*
	cpe:2.3:a:grape_project:grape:0.1.5:::::::*
	cpe:2.3:a:grape_project:grape:0.2.0:::::::*
	cpe:2.3:a:grape_project:grape:0.2.1:::::::*
	cpe:2.3:a:grape_project:grape:0.2.2:::::::*
	cpe:2.3:a:grape_project:grape:0.2.3:::::::*
	cpe:2.3:a:grape_project:grape:0.2.4:::::::*
	cpe:2.3:a:grape_project:grape:0.2.5:::::::*

History

No history.

Information

Published : 2013-04-25 23:55

Updated : 2024-02-28 12:00

NVD link : CVE-2013-0175

Mitre link : CVE-2013-0175

CVE.ORG link : CVE-2013-0175

JSON object : View

Products Affected

grape_project

grape

erik_michaels-ober

multi_xml

ruby-lang

ruby

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-0175", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-25T23:55:01.410", "references": [{"url": "http://www.openwall.com/lists/oss-security/2013/01/11/9", "source": "secalert@redhat.com"}, {"url": "https://gist.github.com/nate/d7f6d9f4925f413621aa", "source": "secalert@redhat.com"}, {"url": "https://github.com/sferik/multi_xml/pull/34", "source": "secalert@redhat.com"}, {"url": "https://groups.google.com/forum/?fromgroups=#%21topic/ruby-grape/fthDkMgIOa0", "source": "secalert@redhat.com"}, {"url": "https://news.ycombinator.com/item?id=5040457", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156."}, {"lang": "es", "value": "multi_xml v0.5.2 de Ruby, tal como se utiliza en Grape antes de v0.2.6 y posiblemente otros productos, no restringe debidamente vaciados de valores de cadena, lo que permite a atacantes remotos realizar ataques de inyecci\u00f3n a objetos y ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (consumo de memoria y CPU) que implica anidadas referencias de entidad XML, mediante el aprovechamiento de apoyo (1) YAML conversi\u00f3n de tipo o (2) la conversi\u00f3n de tipos Symbol, una vulnerabilidad similar a CVE-2013-0156."}], "lastModified": "2023-02-13T00:27:26.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:erik_michaels-ober:multi_xml:0.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28BB74BA-387E-4EDC-89BD-C83A5F7E8757"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "264DD094-A8CD-465D-B279-C834DDA5F79C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:erik_michaels-ober:multi_xml:0.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28BB74BA-387E-4EDC-89BD-C83A5F7E8757"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E127DAB-366C-4EF8-BA31-75710F6C3EB8"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2232040-600B-4700-A003-4938A69472AF"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D32EC21-9ED8-4AB9-A863-377B3FC65524"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "911EEC0A-A036-4612-ADA0-F37A60391731"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE5ED3F1-5108-41CE-9136-76C637D1515E"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A782D309-3921-41A9-B651-7140DAA3B8F8"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B936CD4A-AC45-44B0-A583-7F2EC00AEC0A"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3F9EBC0-F68A-403D-9EE8-E3B028B6AD08"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB8D75D8-3E36-4416-B340-BF106E851AA9"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13955945-3FBD-4A5E-8412-B0FAE846ABAC"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "332884DB-6D64-42F2-B377-1AEB7FF62DF2"}, {"criteria": "cpe:2.3:a:grape_project:grape:0.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8BE3F96-6394-45ED-A606-516A76A213F6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}