CVE-2013-0333 (Rails JSON Parser Vulnerability)

  • Posted January 30, 2013

  • There is a vulnerability in the JSON code for Ruby on Rails which
    allows attackers to bypass authentication systems, inject arbitrary
    SQL, inject and execute arbitrary code, or perform a DoS attack on a
    Rails application.

    The JSON parsing code in Rails 2.3 and 3.0 supports multiple parsing
    backends. One of the backends involves transforming the JSON into
    YAML and passing that through the YAML parser. Using a specially
    crafted payload, attackers can trick the backend into decoding a subset
    of YAML.

    More information can be found in the following post:


    • Hotfixes available for Puppet Enterprise 1.2.5 and 2.7.0