Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby on Rails 安全漏洞
Vulnerability Description
Ruby on Rails是美国Rails团队的一套基于Ruby语言的开源Web应用框架。 Ruby on Rails 2.3.x版本至2.3.16之前版本、3.0.x版本至3.0.20之前版本存在安全漏洞,该漏洞源于没有正确地将JSON数据转换为YAML数据以供YAML解析器处理。攻击者利用该漏洞执行任意代码,从而执行SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A