Candidate: CVE-2013-1800
PublicDate: 2013-04-09 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1800
Description:
 The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_ruby-crack:
upstream_ruby-crack: released (0.3.2-1)
precise/esm_ruby-crack: DNE
trusty_ruby-crack: ignored (out of standard support)
trusty/esm_ruby-crack: DNE
xenial_ruby-crack: not-affected (0.4.3-1)
bionic_ruby-crack: not-affected (0.4.3-2)
focal_ruby-crack: not-affected
groovy_ruby-crack: not-affected
devel_ruby-crack: not-affected