CVE-2013-0333 Detail Modified This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided. Current Description lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.

View Analysis Description Analysis Description lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156. Severity CVSS Version 3.x CVSS Version 2.0



CVSS 3.x Severity and Metrics:

NIST: NVD Base Score: N/A NVD score not yet provided. CVSS 2.0 Severity and Metrics:



NIST: NVD Base Score: 7.5 HIGH Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Weakness Enumeration CWE-ID CWE Name Source NVD-CWE-Other Other NIST Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Denotes Vulnerable Software

Are we missing a CPE here? Please let us know.

Change History 59 change records found show changes CPE Deprecation Remap 8/08/2019 11:42:29 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.9:rc5:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:27 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.9:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:24 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.9:rc4:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:21 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.9:rc3:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:18 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.9:rc2:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:15 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.9:rc1:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:12 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.8:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:09 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.8:rc4:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:06 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.8:rc3:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:03 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.8:rc2:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:42:00 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.8:rc1:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:41:57 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.7:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:41:55 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.7:rc2:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:41:52 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.7:rc1:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:41:49 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.6:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:41:46 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.6:rc2:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:41:43 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.6:rc1:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:41:40 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.5:rc1:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:41:38 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.5:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:41:35 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:rc1:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:38:51 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:rc:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:35:43 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.19:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:35:41 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.18:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:35:38 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.17:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:35:35 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.16:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:35:32 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.14:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:35:30 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.11:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:35:27 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.3:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:35:24 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.2:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:35:21 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.1:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:25:04 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.13:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:25:01 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.13:rc1:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:24:57 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.12:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:24:55 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.12:rc1:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:24:52 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.10:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 11:24:49 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.10:rc1:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:49:29 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.0:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:44:18 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.2:pre:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:44:15 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.1:pre:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:44:12 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.0:rc2:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:44:09 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.0:rc:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:44:06 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.0:beta4:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:44:03 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.0:beta3:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:44:00 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.0:beta2:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:43:57 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.0:beta:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:39:01 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.15:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:58 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.14:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:56 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.13:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:54 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.12:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:51 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.11:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:48 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.10:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:46 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.9:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:43 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.4:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:41 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.3:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:38 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.2:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:35 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.1:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*



CPE Deprecation Remap 8/08/2019 10:38:33 AM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.0:*:*:*:*:*:*:*



OR *cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*



CVE Modified by MITRE 12/08/2017 9:29:01 PM Action Type Old Value New Value Added Reference https://puppet.com/security/cve/cve-2013-0333 [No Types Assigned]



Initial CVE Analysis 1/30/2013 9:19:00 AM Action Type Old Value New Value Quick Info CVE Dictionary Entry:

CVE-2013-0333

NVD Published Date:

01/30/2013

NVD Last Modified:

08/08/2019

Source:

MITRE

