CVE-2013-0277
https://notcve.org/view.php?id=CVE-2013-0277
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML. Active Record en Ruby on Rails v3.x anteriores a v3.1.0 y v2.3.x anteriores a v2.3.17 permite a atacantes remotos causar una denegación de servicio o ejecución de código arbitrario a través de atributos serializados manipulados que causan al asistente +serialize+ la des-serialización arbitraria del YAML. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html http://secunia.com/advisories/52112 http://securitytracker.com/id?1028109 http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released http://www.debian.org/security/2013/dsa-2620 http://www.openwall.com/lists/oss-security/2013/02/11/6 http://www.osv •
CVE-2013-0333 – Ruby on Rails - JSON Processor YAML Deserialization Code Execution
https://notcve.org/view.php?id=CVE-2013-0333
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156. lib/active_support/json/backends/yaml.rb en Ruby on Rails v2.3.x anterior a v2.3.16 y v3.0.x anterior a v3.0.20 no convierte correctamente los datos de tipo JSON a datos YAML para el procesamiento por el analizador YAML, lo cual permite a atacantes remotos ejecutar código arbitrario, conducir ataques de inyección SQL, o saltare la autentificación a través de la modificación de datos que disparan una descodificación insegura, esta vulnerabilidad es diferente a CVE-2013-0156. • https://www.exploit-db.com/exploits/24434 https://github.com/heroku/heroku-CVE-2013-0333 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0201.html http://rhn.redhat.com/errata/RHSA-2013-0202.html http://rhn.redhat.com/errata/RHSA-2013-0203.html http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/1/28/Rails-3-0 • CWE-502: Deserialization of Untrusted Data •
CVE-2013-0155 – rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
https://notcve.org/view.php?id=CVE-2013-0155
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694. Ruby on Rails v3.0.x anteior a v3.0.19, v3.1.x anteior a v3.1.10, y v3.2.x anteior a v3.2.11 no considera adecuadamente las diferencias en el manejo de parámetros entre el componente Active Record y la implementación JSON, lo que permite a atacantes remotos evitar las restricciones de peticiones a base de datos y realizar chequeos NULL o provocar un WHERE a través de una consulta manipulada. Como se ha demostrado mdiante determinados valires "[nil]". Relacionado con los CVE-2012-2660 y CVE-2012-2694. • http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-0154.html http://rhn.redhat.com/errata/RHSA-2013-0155. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0156 – Ruby on Rails - Known Secret Session Cookie Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion. active_support/core_ext/hash/conversions.rb en Ruby on Rails anterior a v2.3.15, v3.0.x anterior a v3.0.19, v3.1.x anterior a v3.1.10, y v3.2.x anterior a v3.2.11 no restringe adecuadamente el "casting" de las variables de tipo cadena, lo que permite a atacantes remotos llevar a cabo ataques de inyección de objetos y la ejecución de código arbitrario o provocar una denegación de servicio (consumo de memoria y CPU) involucrando a referencias de entidades XML anidadas, aprovechando el soporte de Action Pack para lso tipos de conversion (1) YAML o (2) Symbol. • https://www.exploit-db.com/exploits/27527 https://www.exploit-db.com/exploits/24019 https://github.com/heroku/heroku-CVE-2013-0156 https://github.com/R3dKn33-zz/CVE-2013-0156 http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0153.html http://rhn.redhat.com/errata/RHSA-2013-0154.html http://rhn.redhat.com/errata/RHSA-2013-0155.html http://we • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVE-2012-6497
https://notcve.org/view.php?id=CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product. La gema Authlogic para Ruby on Rails, cuando se utiliza con algunas versiones antes de v3.2.10, hace llamadas al método find_by_id potencialmente inseguras que podría permitir a atacantes remotos realizar ataques de inyección SQL CVE-2012-6496 a través de un parámetro modificado en ambientes que han conocido un valor secret_token, como lo demuestra un valor contenido en secret_token.rb en un producto de código abierto. • http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts http://openwall.com/lists/oss-security/2013/01/03/12 http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html http://www.securityfocus.com/bid/57084 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •