CVE-2013-0333 (retired)

Priority
Description
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before
2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML
data for processing by a YAML parser, which allows remote attackers to
execute arbitrary code, conduct SQL injection attacks, or bypass
authentication via crafted data that triggers unsafe decoding, a different
vulnerability than CVE-2013-0156.
Notes
 mdeslaur> in Oneiric+, rails package is just for transition
Package
Source: rails (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-09-19 15:43:06 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)