Ruby on Rails JSON Parser YAML Handling Vulnerability

by Carol~ Moderator - 1/29/13 11:16 AM

In Reply to: VULNERABILITIES / FIXES - January 29, 2013 by Carol~ Moderator

Release Date: 2013-01-29

Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software:
Ruby on Rails 2.3.x
Ruby on Rails 3.0.x

Description:
A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error within the "convert_json_to_yaml()" method of the JSON Parser when decoding YAML input.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 3.0.20 and 2.3.16.

Solution:
Update to version 3.0.20 or 2.3.16.

Provided and/or discovered by:
The vendor credits Lawrence Pit, Mirror42.

Original Advisory:
Ruby on Rails:
http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo

http://secunia.com/advisories/51938/
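The defect described in the advisory is JSON being decoded by way of a YAML loader, which honours YAML type tags that plain JSON does not have. The Ruby below is an added example, not code from the advisory or from Rails: it shows the defensive stance of decoding request bodies with a strict JSON parser that never reaches a YAML loader, and, where YAML input genuinely must be accepted, Psych's restricted loader that refuses type tags and aliases. It assumes Ruby 2.6+ (Psych 3.1+ keyword arguments); the sample bodies and `PlaceholderClass` are constructed.

```ruby
require 'json'
require 'yaml'

# Sentinel returned when a body is refused.
REJECTED = :rejected

# Hardened JSON decode: the body goes to a real JSON parser only. JSON has no
# type tags, anchors or aliases, so YAML-only syntax is a parse error here and
# never reaches a YAML loader. Returns the parsed value, or REJECTED.
def decode_json_strict(body)
  JSON.parse(body)
rescue JSON::ParserError
  REJECTED
end

# If untrusted YAML really must be accepted, use Psych's restricted loader:
# no classes are permitted and aliases are disabled, so a "!ruby/..." tag is
# refused (Psych::DisallowedClass) instead of instantiating an object.
# Returns the parsed value, or REJECTED.
def decode_yaml_restricted(body)
  YAML.safe_load(body, permitted_classes: [], aliases: false)
rescue Psych::Exception
  REJECTED
end

# Constructed sample bodies (not from the advisory): a benign JSON document,
# and one that carries a YAML type tag inside what is labelled as JSON.
# PlaceholderClass is a made-up name; no such class exists here.
BENIGN_BODY = '{"name": "alice", "roles": ["admin"]}'
TAGGED_BODY = '{"name": !ruby/object:PlaceholderClass {}}'

if __FILE__ == $PROGRAM_NAME
  [BENIGN_BODY, TAGGED_BODY].each do |body|
    puts "body        : #{body}"
    puts "strict JSON : #{decode_json_strict(body).inspect}"
    puts "safe YAML   : #{decode_yaml_restricted(body).inspect}"
  end
end
```

Both decoders return the same hash for the benign body and reject the tagged one; the difference from the vulnerable pattern is that neither path ever calls an unrestricted YAML load on request data.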