CVE-2013-0277
https://notcve.org/view.php?id=CVE-2013-0277
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML. Active Record en Ruby on Rails v3.x anteriores a v3.1.0 y v2.3.x anteriores a v2.3.17 permite a atacantes remotos causar una denegación de servicio o ejecución de código arbitrario a través de atributos serializados manipulados que causan al asistente +serialize+ la des-serialización arbitraria del YAML. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html http://secunia.com/advisories/52112 http://securitytracker.com/id?1028109 http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released http://www.debian.org/security/2013/dsa-2620 http://www.openwall.com/lists/oss-security/2013/02/11/6 http://www.osv •
CVE-2013-0333 – Ruby on Rails - JSON Processor YAML Deserialization Code Execution
https://notcve.org/view.php?id=CVE-2013-0333
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156. lib/active_support/json/backends/yaml.rb en Ruby on Rails v2.3.x anterior a v2.3.16 y v3.0.x anterior a v3.0.20 no convierte correctamente los datos de tipo JSON a datos YAML para el procesamiento por el analizador YAML, lo cual permite a atacantes remotos ejecutar código arbitrario, conducir ataques de inyección SQL, o saltare la autentificación a través de la modificación de datos que disparan una descodificación insegura, esta vulnerabilidad es diferente a CVE-2013-0156. • https://www.exploit-db.com/exploits/24434 https://github.com/heroku/heroku-CVE-2013-0333 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0201.html http://rhn.redhat.com/errata/RHSA-2013-0202.html http://rhn.redhat.com/errata/RHSA-2013-0203.html http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/1/28/Rails-3-0 • CWE-502: Deserialization of Untrusted Data •
CVE-2012-6497
https://notcve.org/view.php?id=CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product. La gema Authlogic para Ruby on Rails, cuando se utiliza con algunas versiones antes de v3.2.10, hace llamadas al método find_by_id potencialmente inseguras que podría permitir a atacantes remotos realizar ataques de inyección SQL CVE-2012-6496 a través de un parámetro modificado en ambientes que han conocido un valor secret_token, como lo demuestra un valor contenido en secret_token.rb en un producto de código abierto. • http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts http://openwall.com/lists/oss-security/2013/01/03/12 http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html http://www.securityfocus.com/bid/57084 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-6496 – rubygem-activerecord: find_by_* SQL Injection
https://notcve.org/view.php?id=CVE-2012-6496
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. Vulnerabilidad de inyección SQL en el componente Active Record en Ruby on Rails antes de v3.0.18, v3.1.x antes de v3.1.9, y v3.2.x antes de v3.2.10, permite a atacantes remotos ejecutar comandos SQL a través de una solicitud modificada que aprovecha el comportamiento incorrecto de buscadores dinámicos en aplicaciones que pueden utilizar los tipos de datos inesperados en ciertas llamadas al método find_by_. • http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts http://rhn.redhat.com/errata/RHSA-2013-0154.html http://rhn.redhat.com/errata/RHSA-2013-0155.html http://rhn.redhat.com/errata/RHSA-2013-0220.html http://rhn.redhat.com/errata/RHSA-2013-0544.html http://security.gentoo.org/glsa/glsa-201401-22.xml http://www.securityfocus.com/bid/57084 https://bugzilla.redhat.com/show_bug.cgi?id=889649 https://groups.google.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-3463 – rubygem-actionpack: potential XSS vulnerability in select_tag prompt
https://notcve.org/view.php?id=CVE-2012-3463
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en actionpack/lib/action_view/helpers/form_tag_helper.rb en Ruby on Rails v3.x anterior a v3.0.17, v3.1.x anterior a v3.1.8, y v3.2.x anterior a v3.2.8 permite la administración remota los atacantes para inyectar secuencias de comandos web o HTML a través del campo del sistema para el (helper) select_tag. • http://rhn.redhat.com/errata/RHSA-2013-0154.html http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain https://access.redhat.com/security/cve/CVE-2012-3463 https://bugzilla.redhat.com/show_bug.cgi?id=847196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •