CVE-2013-0277

Опубликовано: 13 фев. 2013

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 10

Описание

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.

Релиз	Статус	Примечание
devel	not-affected	contains no code
esm-apps/xenial	not-affected	contains no code
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [contains no code]]
hardy	ignored	end of life
lucid	ignored	end of life
oneiric	not-affected	contains no code
precise	not-affected	contains no code
precise/esm	DNE	precise was not-affected [contains no code]
quantal	not-affected	contains no code
raring	not-affected	contains no code

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra-legacy/trusty	DNE
hardy	DNE
lucid	DNE
oneiric	ignored	end of life
precise	ignored	end of life
precise/esm	DNE	precise was needed
quantal	ignored	end of life
raring	ignored	end of life
saucy	ignored	end of life

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected]
hardy	DNE
lucid	DNE
oneiric	DNE
precise	DNE
precise/esm	DNE
quantal	not-affected
raring	not-affected
saucy	not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 91%

0.06742

Низкий

10 Critical

CVSS2

Связанные уязвимости

CVE-2013-0277

redhat

почти 13 лет назад

CVE-2013-0277

nvd

почти 13 лет назад

CVE-2013-0277

debian

почти 13 лет назад

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allow ...

GHSA-fhj9-cjjh-27vm

github

больше 8 лет назад

Active Record contains deserialization of arbitrary YAML

EPSS

Процентиль: 91%

0.06742

Низкий

10 Critical

CVSS2

CVE-2013-0277

Описание

Пакет rails

Пакет ruby-activerecord-2.3

Пакет ruby-activerecord-3.2

Ссылки на источники

Связанные уязвимости