Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby crack Gem XML参数解析漏洞
Vulnerability Description
Ruby crack是简单的JSON和XML解析工具。 Ruby crack gem 0.3.1和较早的版本没有正确地限制字符串值转换,使得攻击者可以通过利用Action Pack对YAML类型转换或Symbol转换的支持,实施注入攻击并执行任意代码,或导致拒绝服务(内存和CUP耗尽)。
CVSS Information
N/A
Vulnerability Type
N/A