lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.9%.
SQLi
RCE
Rails
Ruby On Rails
NVD
Exploit-DB
CVSS 2.0
7.5
EPSS
91.9%
Threat
5.8