Oval Definition:	oval:org.opensuse.security:def:20130156
Revision Date: 2022-06-30 Version: 1 Title: CVE-2013-0156 Description: active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion. Family: unix Class: vulnerability Status: Reference(s): CVE-2013-0156 Mitre CVE-2013-0156 SUSE CVE-2013-0156 openSUSE-SU-2013:0278-1 openSUSE-SU-2013:0278-1 openSUSE-SU-2013:0280-1 openSUSE-SU-2013:0280-1 SUSE-SU-2013:0486-1 SUSE-SU-2013:0486-1 SUSE-SU-2013:0508-1 SUSE-SU-2013:0508-1 SUSE-SU-2013:0606-1 SUSE-SU-2013:0606-1 Platform(s): openSUSE 12.1 openSUSE 12.1 Update openSUSE 12.2 Update openSUSE Tumbleweed SUSE Cloud 1.0 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE OpenStack Cloud 6 SUSE Studio Extension for System z 1.2 SUSE Studio Onsite 1.2 [Appliance - Studio] SUSE Studio Standard Edition 1.2 WebYaST 1.2 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND rubygem-activesupport-3_2-3.2.12-0.9 is installed OR Package Information SUSE Linux Enterprise Software Development Kit 11 SP2 is installed AND rubygem-actionmailer-2_3-2.3.17-0.9 is installed OR rubygem-actionpack-2_3-2.3.17-0.9 is installed OR rubygem-activerecord-2_3-2.3.17-0.9 is installed OR rubygem-activeresource-2_3-2.3.17-0.9 is installed OR rubygem-activesupport-2_3-2.3.17-0.9 is installed OR rubygem-rails-2.3.17-0.8 is installed OR rubygem-rails-2_3-2.3.17-0.9 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 11 SP2 is installed AND Package Information rubygem-actionmailer-2_3-2.3.17-0.9.1 is installed OR rubygem-actionpack-2_3-2.3.17-0.9.1 is installed OR rubygem-activerecord-2_3-2.3.17-0.9.1 is installed OR rubygem-activeresource-2_3-2.3.17-0.9.1 is installed OR rubygem-activesupport-2_3-2.3.17-0.9.1 is installed OR rubygem-rails-2.3.17-0.8.1 is installed OR rubygem-rails-2_3-2.3.17-0.9.1 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND ruby2.1-rubygem-extlib-0.9.16-1 is installed Definition Synopsis openSUSE Tumbleweed is installed AND Package Information ruby2.2-rubygem-extlib-0.9.16-7.4 is installed OR ruby2.2-rubygem-extlib-doc-0.9.16-7.4 is installed OR ruby2.2-rubygem-extlib-testsuite-0.9.16-7.4 is installed OR ruby2.3-rubygem-extlib-0.9.16-7.4 is installed OR ruby2.3-rubygem-extlib-doc-0.9.16-7.4 is installed OR ruby2.3-rubygem-extlib-testsuite-0.9.16-7.4 is installed
BACK