| Max CVSS | 7.5 | Min CVSS | 6.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-0156 | 7.5 |
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection
|
13-02-2023 - 00:27 | 13-01-2013 - 22:55 | |
| CVE-2013-0155 | 6.4 |
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass inte
|
08-08-2019 - 15:42 | 13-01-2013 - 22:55 |