
Elebow

#25889 of 53,608
9.8 Total CVSS
Vulnerabilities · 1
PT-2022-21161
9.8
2022-07-12
Ruby · Ruby On Rails · CVE-2022-32224
**Name of the Vulnerable Software and Affected Versions**

- Ruby on Rails versions prior to 7.0.3.1
- Ruby on Rails versions prior to 6.1.6.1
- Ruby on Rails versions prior to 6.0.5.1
- Ruby on Rails versions prior to 5.2.8.1

**Description**

A possible escalation to remote code execution (RCE) exists when using YAML serialized columns in Active Record. An attacker who can manipulate data in the database, for example via SQL injection, could escalate that access to RCE. The issue arises when serialized columns that use YAML are deserialized: Rails uses `YAML.unsafe_load` to convert the stored YAML data into Ruby objects, so arbitrary object types in the column value are instantiated rather than rejected.

**Recommendations**

- For versions prior to 7.0.3.1, update to version 7.0.3.1 or later.
- For versions prior to 6.1.6.1, update to version 6.1.6.1 or later.
- For versions prior to 6.0.5.1, update to version 6.0.5.1 or later.
- For versions prior to 5.2.8.1, update to version 5.2.8.1 or later.