Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

Severity: 7.5 HIGH (NVD)
EPSS: 91.9% (top 0.31%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jan 13, 2013; latest update Oct 24

Description

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
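The cast the description refers to is a table lookup: Hash.from_xml turned `<name type="yaml">...</name>` into `{"name" => {"type" => "yaml", "__content__" => "..."}}` and then ran whichever caster the client-supplied `type` attribute named on the element body. The block below is an added example, not code from Rails or from this page; it models that lookup with a constructed caster table, a hypothetical `DemoTarget` class standing in for any class loadable in the server process, and constructed request nodes, and shows the vulnerable table beside the one the Rails advisory told operators to produce by deleting the `symbol` and `yaml` entries from `ActiveSupport::XmlMini::PARSING`.

```ruby
# Added example (not Rails code): a self-contained model of the typed-value
# cast in active_support/core_ext/hash/conversions.rb abused by CVE-2013-0156.
require "yaml"

# Hypothetical application class; any class loadable in the server process
# could be instantiated the same way by a "!ruby/object:" tag.
class DemoTarget
  attr_accessor :cmd
end

# Psych >= 4 made YAML.load safe; older Psych only had the unsafe YAML.load.
# This helper reproduces the 2013-era unsafe behaviour on any Psych version.
def unsafe_yaml(str)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(str) : YAML.load(str)
end

# Caster table modelled on the pre-fix PARSING hash (constructed, not verbatim).
# The two entries that made the bug are "symbol" and "yaml".
VULNERABLE_PARSING = {
  "integer" => ->(s) { s.to_i },
  "string"  => ->(s) { s },
  "symbol"  => ->(s) { s.to_sym },       # attacker-chosen symbols; not GC'd on rubies before 2.2
  "yaml"    => ->(s) { unsafe_yaml(s) }, # full YAML: arbitrary object instantiation
}.freeze

# The advisory's workaround deleted both entries from
# ActiveSupport::XmlMini::PARSING; the fixed releases dropped them.
HARDENED_PARSING = VULNERABLE_PARSING.reject { |k, _| %w[symbol yaml].include?(k) }.freeze

# The cast step: a known "type" runs its caster on the element content,
# an unknown type falls through to the raw string.
def typecast(node, parsing)
  caster = parsing[node["type"]]
  caster ? caster.call(node["__content__"]) : node["__content__"]
end

# Constructed nodes, i.e. what Hash.from_xml produced for
#   <exploit type="yaml">--- !ruby/object:DemoTarget ... </exploit>
#   <name type="symbol">attacker_chosen_name</name>
MALICIOUS_NODE = {
  "type" => "yaml",
  "__content__" => "--- !ruby/object:DemoTarget\ncmd: id\n",
}.freeze
SYMBOL_NODE = { "type" => "symbol", "__content__" => "attacker_chosen_name" }.freeze

# Keeping a YAML caster is only acceptable with safe_load, which refuses to
# instantiate classes that are not on its allowlist.
def safe_yaml_rejects?(str)
  YAML.safe_load(str)
  false
rescue Psych::DisallowedClass
  true
end

if $PROGRAM_NAME == __FILE__
  obj = typecast(MALICIOUS_NODE, VULNERABLE_PARSING)
  puts "vulnerable yaml cast   -> #{obj.class} (cmd=#{obj.cmd.inspect})"
  puts "vulnerable symbol cast -> #{typecast(SYMBOL_NODE, VULNERABLE_PARSING).inspect}"
  puts "hardened yaml cast     -> #{typecast(MALICIOUS_NODE, HARDENED_PARSING).inspect}"
  puts "hardened symbol cast   -> #{typecast(SYMBOL_NODE, HARDENED_PARSING).inspect}"
  puts "safe_load rejects it   -> #{safe_yaml_rejects?(MALICIOUS_NODE['__content__'])}"
end
```

With the vulnerable table the `yaml` cast hands back a live `DemoTarget` built from request data and the `symbol` cast interns an attacker-chosen string; with the hardened table both elements are returned as plain strings. The same two-line deletion applied to the real `ActiveSupport::XmlMini::PARSING` is the mitigation for installs that cannot upgrade immediately, and disabling the XML parameter parser altogether removes the entry point.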

CVSS vector (v2)

AV:N/AC:L/C:P/I:P/A:P (Exploitability: 10.0 | Impact: 6.4). The exploitability subscore of 10.0 is the maximum for CVSS v2, i.e. a network-reachable, low-complexity attack needing no authentication.

Affected Packages (4 packages)

Source   | Package                       | Versions
NVD      | rubyonrails/rails             | introduced 3.2.0, fixed 3.2.11
NVD      | rubyonrails/ruby_on_rails     | introduced 3.0.0, fixed 3.0.19 (+2 more ranges)
RubyGems | actionpack_project/actionpack | introduced 3.0.0, fixed 3.0.19 (+3 more ranges)
Debian   | rubyonrails/rails             | < 2.3.14.1 (+3 more ranges)

Also affects: Debian Linux 6.0, 7.0

🔴 Vulnerability Details (11)

- OSV: actionpack Improper Input Validation vulnerability (2017-10-24)
- GHSA: actionpack Improper Input Validation vulnerability (2017-10-24)
- GHSA: activesupport in Rails vulnerable to incorrect data conversion (2017-10-24)
- GHSA: extlib does not properly restrict casts of string values (2017-10-24)
- GHSA: nori contains Improper Input Validation (2017-10-24)

💥 Exploits & PoCs (5)

- Exploit-DB: Ruby on Rails - Known Secret Session Cookie Remote Code Execution (Metasploit) (2013-08-12)
- Exploit-DB: Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit) (2013-01-29)
- Exploit-DB: Ruby on Rails - XML Processor YAML Deserialization Code Execution (Metasploit) (2013-01-10)
- Metasploit: Ruby on Rails JSON Processor YAML Deserialization Code Execution
- Nuclei: Infoblox NetMRI < 7.6.1 - Remote Code Execution via Hardcoded Ruby Cookie Secret Key

📋 Vendor Advisories (4)

- Red Hat: rubygem-activesupport: json to yaml parsing (2013-01-28)
- Red Hat: rubygem-crack: YAML parameter parsing vulnerability (2013-01-14)
- Red Hat: rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack (2013-01-08)
- Debian: CVE-2013-0156: rails - active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.... (2013)

🕵️ Threat Intelligence

- Talos: The Ruby on Rails vulnerability that made Metasploit release a patch (2013-01-10)

💬 Community (4)

- Bugzilla: CVE-2013-1655 Puppet: Master code loading Ruby symbols vulnerability (2013-03-10)
- Bugzilla: CVE-2013-0155 CVE-2013-0156 rubygem-actionpack various flaws [fedora-all] (2013-01-09)
- Bugzilla: CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack (2013-01-08)
- Bugzilla: CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 CVE-2013-0156 rubygem-actionpack various flaws [epel-5] (2012-08-10)
CVE-2013-0156 — Improper Input Validation in Rails | cvebase