DEBIAN-CVE-2013-0333

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2013-0333
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-0333.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2013-0333
Upstream
Published
2013-01-30T12:00:08Z
Modified
2025-09-25T00:29:22.027956Z
Summary
[none]
Details

lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.

References

Affected packages

Debian:11 / rails

Package

Name
rails
Purl
pkg:deb/debian/rails?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.14.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / rails

Package

Name
rails
Purl
pkg:deb/debian/rails?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.14.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / rails

Package

Name
rails
Purl
pkg:deb/debian/rails?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.14.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / rails

Package

Name
rails
Purl
pkg:deb/debian/rails?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.14.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}