CVE-2013-0285: Parameter parsing remote code execution

April 9, 2013 (updated April 16, 2013)

Nori has a parameter parsing error that may allow an attacker to execute arbitrary code. This vulnerability has to do with type casting during parsing, and is related to CVE-2013-0156.

References

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0285
github.com/savonrb/nori/commit/818f5263b1d597b603d46cbe1702cd2717259e32

Detect and mitigate CVE-2013-0285 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →