Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Crack
(John_nunemaker)| Repositories | https://github.com/jnunemaker/crack |
| #Vulnerabilities | 1 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-04-09 | CVE-2013-1800 | The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | Crack | N/A |