CVE-2013-0333 (Rails JSON Parser Vulnerability)

  • Posted January 30, 2013

  • There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

    The JSON parsing code in Rails 2.3 and 3.0 supports multiple parsing backends. One of the backends transforms the JSON into YAML and passes the result through the YAML parser. Using a specially crafted payload, attackers can trick this backend into decoding a subset of YAML.

    More information can be found in the following post:


    • Hotfixes available for Puppet Enterprise 1.2.5 and 2.7.0
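
    To find applications that need review, the following added example (not part of the original advisory or of Rails) scans a Gemfile.lock for resolved gems in the 2.3 and 3.0 series named above. It assumes the JSON parsing code ships in the activesupport gem; the fixed release numbers are not given on this page, so it flags the whole series, and the lockfile text is constructed sample input.

```ruby
# Added example: flag Gemfile.lock entries in the release series this advisory names.
AFFECTED_SERIES = ["2.3", "3.0"].freeze        # series taken from the advisory text
WATCHED_GEMS = %w[activesupport rails].freeze  # assumption: the JSON parser lives in activesupport

# Returns [[gem_name, version], ...] for resolved gems that fall in an affected series.
def affected_entries(lockfile_text)
  hits = []
  lockfile_text.each_line do |line|
    # Resolved specs are indented exactly four spaces ("    name (1.2.3)").
    # Dependency constraints sit at six spaces and must not be counted.
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    next unless m

    name = m[1]
    version = m[2]
    next unless WATCHED_GEMS.include?(name)

    series = version.split(".").first(2).join(".")
    hits << [name, version] if AFFECTED_SERIES.include?(series)
  end
  hits
end

# Constructed sample lockfile (not taken from a real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (3.0.5)
      json (1.7.6)
      rails (3.0.5)
        activesupport (= 3.0.5)
LOCK

affected_entries(SAMPLE_LOCK).each do |name, version|
  puts "#{name} #{version}: in an affected series, confirm the CVE-2013-0333 fix is applied"
end
```

    A match means the application is on an affected series, not that it is unpatched; compare the reported version against the fixed releases in the vendor announcement.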