Remote Code Execution and SQL Injection Vulnerability in Ruby on Rails JSON to YAML Conversion

CVE-2013-0333 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/AU:N/C:P/I:P/A:P

lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
