CVE-2013-0285

Published: 09 Apr 2013
Source: nvd
CVSS2: 7.5
EPSS: Low

Description

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:nori_gem_project:nori_gem:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:nori_gem_project:nori_gem:2.0.1:*:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:a:nori_gem_project:nori_gem:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:nori_gem_project:nori_gem:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:nori_gem_project:nori_gem:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:nori_gem_project:nori_gem:1.1.3:*:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:a:nori_gem_project:nori_gem:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:nori_gem_project:nori_gem:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:nori_gem_project:nori_gem:1.0.2:*:*:*:*:*:*:*

EPSS

Percentile: 81%
0.015
Low

7.5 High

CVSS2

Weaknesses

CWE-20

Related vulnerabilities

ubuntu
almost 13 years ago

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

github
more than 8 years ago

nori contains Improper Input Validation
