Red Hat Bugzilla – Bug 894383
CVE-2013-0175 rubygem-multi_xml: Security flaw in Symbol and YAML parameters parsing
Last modified: 2015-07-31 02:56:51 EDT
A security flaw was found in the way multi_xml gem, a Ruby gem to provide swappable XML backends utilizing LibXML, Nokogiri, Ox, or REXML, performed Symbol and YAML parameters parsing. A remote attacker could use this flaw to execute arbitrary code with the privileges of the Ruby on Rails application using the multi_xml gem via specially-crafted HTTP POST request.
This issue affects the version of the rubygem-multi_xml package, as shipped with Fedora release of 17. Please schedule an update.
Created rubygem-multi_xml tracking bugs for this issue
Affects: fedora-17 [bug 894385]
rubygem-multi_xml-0.4.1-5.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
rubygem-multi_xml-0.4.1-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.