ID:10860 - Exploit for Input validation error in Ruby on Rails - CVE-2013-0156


Published: November 15, 2024


Vulnerability identifier: #VU31841
Vulnerability risk: Medium
CVE-ID: CVE-2013-0156
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Ruby on Rails

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.


Remediation

Install the update from the vendor's website.