Red Hat Bugzilla – Bug 917233
CVE-2013-1802 rubygem-extlib: YAML parameter parsing vulnerability
Last modified: 2018-01-29 20:02:12 EST
Tasha Drew reports:
Researchers investigating the Rails parameter parsing vulnerability discovered
that the same or similar vulnerable code had made its way into multiple other
libraries. If your application uses these libraries to process untrusted data,
it may still be vulnerable even if you have upgraded Rails. Check your Gemfile
and Gemfile.lock for vulnerable versions of the following libraries, and if you
are using one, update it immediately.
You can update each of these by using "bundle update <gem name>".
Vulnerable: <= 0.9.15
Created rubygem-extlib tracking bugs for this issue
Affects: epel-all [bug 917234]
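
The Gemfile.lock check that the report above asks for, as an added example (not part of the bug report or of extlib itself). It takes the threshold from the "Vulnerable: <= 0.9.15" line; the sample lockfile and the gem name example-parent are constructed for illustration.

```ruby
require "rubygems" # Gem::Version orders 0.9.9 < 0.9.15 < 0.9.16 correctly

# Threshold from the report above: extlib versions <= 0.9.15 are vulnerable.
AFFECTED = { "extlib" => Gem::Version.new("0.9.15") }.freeze

# Resolved gems sit at exactly four spaces of indent under "specs:".
# Six-space lines are dependency constraints, not locked versions.
SPEC_LINE = /\A {4}(\S+) \(([^)\s]+)\)\s*\z/

# Returns [[name, locked_version], ...] for each locked gem at or below its threshold.
def vulnerable_gems(lockfile_text, affected = AFFECTED)
  hits = []
  lockfile_text.each_line do |line|
    m = SPEC_LINE.match(line.chomp)
    next unless m
    name, raw = m[1], m[2]
    limit = affected[name]
    next unless limit
    # Drop a platform suffix such as "-java" before comparing.
    version = raw.split("-", 2).first
    next unless Gem::Version.correct?(version)
    hits << [name, raw] if Gem::Version.new(version) <= limit
  end
  hits
end

# Constructed sample lockfile; "example-parent" is a hypothetical gem.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-parent (1.0.0)
        extlib (>= 0.9.13)
      extlib (0.9.15)

  DEPENDENCIES
    example-parent
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  vulnerable_gems(text).each { |n, v| puts "VULNERABLE: #{n} #{v}" }
end
```

Run it with the path to a Gemfile.lock as the only argument; with no argument it scans the constructed sample.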