CVE-2013-1802

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dan_kubb:extlib:*:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.14:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:dan_kubb:extlib:0.9.2:*:*:*:*:*:*:*

Information

Published : 2013-04-09 13:55

Updated : 2013-04-09 21:00


NVD link : CVE-2013-1802

Mitre link : CVE-2013-1802


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

dan_kubb

  • extlib