CVE-2013-0333 vulnerability in Ruby on Rails Products
Published on January 30, 2013

lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2013-0333

stack.watch emails you whenever new vulnerabilities are published in Ruby on Rails Rails or Ruby on Rails. Just hit a watch button to start following.

Ruby on Rails Rails

Ruby on Rails

Exploit Probability

EPSS

91.94%

Percentile

99.69%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-0333 vulnerability in Ruby on Rails ProductsPublished on January 30, 2013

Products Associated with CVE-2013-0333

Exploit Probability

CVE-2013-0333 vulnerability in Ruby on Rails Products
Published on January 30, 2013