Scan for free your assets for this vulnerability
It is easy and free to get started with Mageni and it can be installed in Windows, macOS and Linux.
Processing. Please wait...
No credit card necessary
Debian Security Advisory DSA 2613-1 (rails - insufficient input validation)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML. The vulnerability has been addressed by removing the YAML backend and adding the OkJson backend.
Affected Software
Affected Software
rails on Debian Linux
Detection Method
Detection Method
This check tests the installed software version using the apt package manager.
Solution
Solution
For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze6. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.3.14-6 of the ruby-activesupport-2.3 package. The 3.2 version of rails as found in Debian wheezy and sid is not affected by the problem. We recommend that you upgrade your rails packages.
Common Vulnerabilities and Exposures (CVE)
Know your vulnerabilities for free. Start using Mageni today.
Mageni can help you to find, assess and manage your vulnerabilities.
Get Started for Free