CVE-2013-0333

Priority
Description
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before
2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML
data for processing by a YAML parser, which allows remote attackers to
execute arbitrary code, conduct SQL injection attacks, or bypass
authentication via crafted data that triggers unsafe decoding, a different
vulnerability than CVE-2013-0156.
Notes
mdeslaurin Oneiric+, rails package is just for transition
Package
Source: rails (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-01-29 19:45:54 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)