CVE-2013-0333

lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

History

21 Nov 2024, 01:47

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html - () http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html -
References () http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html - () http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0201.html - () http://rhn.redhat.com/errata/RHSA-2013-0201.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0202.html - () http://rhn.redhat.com/errata/RHSA-2013-0202.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0203.html - () http://rhn.redhat.com/errata/RHSA-2013-0203.html -
References () http://support.apple.com/kb/HT5784 - () http://support.apple.com/kb/HT5784 -
References () http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/ - () http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/ -
References () http://www.debian.org/security/2013/dsa-2613 - () http://www.debian.org/security/2013/dsa-2613 -
References () http://www.kb.cert.org/vuls/id/628463 - US Government Resource () http://www.kb.cert.org/vuls/id/628463 - US Government Resource
References () https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain - Vendor Advisory () https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain - Vendor Advisory
References () https://puppet.com/security/cve/cve-2013-0333 - () https://puppet.com/security/cve/cve-2013-0333 -

Information

Published : 2013-01-30 12:00

Updated : 2024-11-21 01:47


NVD link : CVE-2013-0333

Mitre link : CVE-2013-0333

CVE.ORG link : CVE-2013-0333


JSON object : View

Products Affected

rubyonrails

  • rails
  • ruby_on_rails