CVE-2013-0156

CVE Database · CVE-2013-0156

CVE-2013-0156

· N/AModified

CVSS v3.1

N/A

EPSS

99.45%

Published

Jan 13, 2013

Modified

Apr 28, 2026

Public PoC / Exploit (3)

All weaponized →

Exploit-DBRuby on Rails - Known Secret Session Cookie Remote Code Execution (Metasploit)Exploit-DBRuby on Rails - XML Processor YAML Deserialization Code Execution (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.

Weaknesses (CWE)

CWE-20

Affected Products (6)

rubyonrails · rails (up to 3.2.11)vulnerable

rubyonrails · ruby_on_rails (up to 2.3.15)vulnerable

rubyonrails · ruby_on_rails (up to 3.0.19)vulnerable

rubyonrails · ruby_on_rails (up to 3.1.10)vulnerable

debian · debian_linuxvulnerable

References (20)

http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

Third Party AdvisoryUS Government Resource

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html