CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack

January 13, 2013 (updated August 8, 2019)

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

References

groups.google.com/forum/?fromgroups=

Detect and mitigate CVE-2013-0156 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →