CVE-2013-0277: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
There is a vulnerability in the serialized attribute handling code in Ruby on Rails. Applications that allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution.
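A defender-side check for the condition described above, as an added example that is not part of the advisory or the Rails project: a heuristic Ruby script that flags serialized attributes left mass-assignable in model source. It assumes the standard Rails `serialize`, `attr_accessible` and `attr_protected` class macros; the helper names and model sources are constructed for illustration.

```ruby
# Symbols passed to a class macro, e.g. `serialize :prefs, Hash` -> ["prefs"].
# Regex-based heuristic, not a Ruby parser.
def macro_symbols(source, macro, first_only: false)
  source.each_line.flat_map do |line|
    m = line.sub(/#.*/, '').match(/^\s*#{macro}\b(.*)$/)  # drop comments first
    next [] unless m
    syms = m[1].sub(/:\w+\s*=>.*/, '').scan(/:(\w+)/).flatten  # skip option hash
    first_only ? syms.first(1) : syms
  end
end

# Serialized attributes a request could still reach through mass assignment.
def exposed_serialized_attrs(source)
  serialized = macro_symbols(source, 'serialize', first_only: true)
  if source =~ /^\s*attr_accessible\b/
    serialized & macro_symbols(source, 'attr_accessible')  # whitelist: listed only
  else
    serialized - macro_symbols(source, 'attr_protected')   # all but the blacklist
  end
end

# Constructed model sources (hypothetical, for illustration only).
SAMPLES = {
  'Profile' => <<~'RUBY',
    class Profile < ActiveRecord::Base
      serialize :preferences, Hash
    end
  RUBY
  'Account' => <<~'RUBY',
    class Account < ActiveRecord::Base
      serialize :settings
      serialize :audit_trail, Array
      attr_protected :settings
    end
  RUBY
  'Widget' => <<~'RUBY'
    class Widget < ActiveRecord::Base
      serialize :layout
      attr_accessible :name, :color
    end
  RUBY
}

# Map of model name -> exposed serialized attributes, omitting clean models.
def audit(samples)
  samples.map { |n, src| [n, exposed_serialized_attrs(src)] }.reject { |_, a| a.empty? }.to_h
end

audit(SAMPLES).each { |model, attrs| puts "#{model}: exposed #{attrs.join(', ')}" }
```

A flagged attribute is a candidate for `attr_protected` or for removal from the `attr_accessible` list; the script does not see assignments made outside mass assignment.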