Description
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Enterprise 1 | ruby193-rubygem-activesupport | Not affected | ||
| OpenShift Enterprise 1 | rubygem-activesupport | Affected | ||
| Red Hat CloudForms Tools 1 | rubygem-activesupport | Will not fix | ||
| Red Hat Subscription Asset Manager | rubygem-activesupport | Affected | ||
Additional information
Status:
7.5 High
CVSS2
Related vulnerabilities
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allow ...
7.5 High
CVSS2