Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:rubyonrails:rails:2.3.1
There are 24 matching records.
Displaying matches 21 through 24.
Vuln ID Summary CVSS Severity
CVE-2013-1854

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

Published: March 19, 2013; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-0277

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.

Published: February 12, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-0276

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.

Published: February 12, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-0333

lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.

Published: January 30, 2013; 7:00:08 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH