CyberSec.Space Logo
Back to CVE Browser

CVE-2013-0277

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1380%
EPSS Percentile21.33th
PublishedFeb 13, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.

Affected Platforms (CPE)

πŸ“¦
Rubyonrails

Rails

= 3.0.0
πŸ“¦
Rubyonrails

Rails

= 3.0.0
πŸ“¦
Rubyonrails

Rails

= 3.0.0
πŸ“¦
Rubyonrails

Rails

= 3.0.0
πŸ“¦
Rubyonrails

Rails

= 3.0.0
πŸ“¦
Rubyonrails

Rails

= 3.0.0
πŸ“¦
Rubyonrails

Rails

= 3.0.0
πŸ“¦
Rubyonrails

Rails

= 3.0.1
πŸ“¦
Rubyonrails

Rails

= 3.0.1
πŸ“¦
Rubyonrails

Rails

= 3.0.2
πŸ“¦
Rubyonrails

Rails

= 3.0.2
πŸ“¦
Rubyonrails

Rails

= 3.0.3
πŸ“¦
Rubyonrails

Rails

= 3.0.4
πŸ“¦
Rubyonrails

Rails

= 3.0.5
πŸ“¦
Rubyonrails

Rails

= 3.0.5
πŸ“¦
Rubyonrails

Rails

= 3.0.6
πŸ“¦
Rubyonrails

Rails

= 3.0.6
πŸ“¦
Rubyonrails

Rails

= 3.0.6
πŸ“¦
Rubyonrails

Rails

= 3.0.7
πŸ“¦
Rubyonrails

Rails

= 3.0.7
πŸ“¦
Rubyonrails

Rails

= 3.0.7
πŸ“¦
Rubyonrails

Rails

= 3.0.8
πŸ“¦
Rubyonrails

Rails

= 3.0.8
πŸ“¦
Rubyonrails

Rails

= 3.0.8
πŸ“¦
Rubyonrails

Rails

= 3.0.8
πŸ“¦
Rubyonrails

Rails

= 3.0.8
πŸ“¦
Rubyonrails

Rails

= 3.0.9
πŸ“¦
Rubyonrails

Rails

= 3.0.9
πŸ“¦
Rubyonrails

Rails

= 3.0.9
πŸ“¦
Rubyonrails

Rails

= 3.0.9
πŸ“¦
Rubyonrails

Rails

= 3.0.9
πŸ“¦
Rubyonrails

Rails

= 3.0.9
πŸ“¦
Rubyonrails

Rails

= 3.0.10
πŸ“¦
Rubyonrails

Rails

= 3.0.10
πŸ“¦
Rubyonrails

Rails

= 3.0.11
πŸ“¦
Rubyonrails

Rails

= 3.0.12
πŸ“¦
Rubyonrails

Rails

= 3.0.12
πŸ“¦
Rubyonrails

Rails

= 3.0.13
πŸ“¦
Rubyonrails

Rails

= 3.0.13
πŸ“¦
Rubyonrails

Rails

= 3.0.14
πŸ“¦
Rubyonrails

Rails

= 3.0.16
πŸ“¦
Rubyonrails

Rails

= 3.0.17
πŸ“¦
Rubyonrails

Rails

= 3.0.18
πŸ“¦
Rubyonrails

Rails

= 3.0.19
πŸ“¦
Rubyonrails

Rails

= 3.0.20
πŸ“¦
Rubyonrails

Ruby On Rails

= 3.0.4
πŸ“¦
Rubyonrails

Rails

= 2.3.0
πŸ“¦
Rubyonrails

Rails

= 2.3.1
πŸ“¦
Rubyonrails

Rails

= 2.3.2
πŸ“¦
Rubyonrails

Rails

= 2.3.3
πŸ“¦
Rubyonrails

Rails

= 2.3.4
πŸ“¦
Rubyonrails

Rails

= 2.3.9
πŸ“¦
Rubyonrails

Rails

= 2.3.10
πŸ“¦
Rubyonrails

Rails

= 2.3.11
πŸ“¦
Rubyonrails

Rails

= 2.3.12
πŸ“¦
Rubyonrails

Rails

= 2.3.13
πŸ“¦
Rubyonrails

Rails

= 2.3.14
πŸ“¦
Rubyonrails

Rails

= 2.3.15
πŸ“¦
Rubyonrails

Rails

= 2.3.16

References & Advisories

πŸ”— http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
πŸ”— http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
πŸ”— http://secunia.com/advisories/52112
πŸ”— http://securitytracker.com/id?1028109
πŸ”— http://support.apple.com/kb/HT5784
πŸ”— http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
πŸ”— http://www.debian.org/security/2013/dsa-2620
πŸ”— http://www.openwall.com/lists/oss-security/2013/02/11/6

Related Vulnerabilities

CVE-2012-457710.0

The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device ...

CVE-2019-110279.8

Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to int...

CVE-2019-54209.8

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automati...

CVE-2020-81659.8

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unma...