Описание
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| rails-4.0 | not-affected | package | ||
| rails-3.2 | fixed | 3.2.17-1 | package | |
| ruby-actionpack-3.2 | removed | package | ||
| ruby-actionpack-2.3 | removed | package | ||
| ruby-actionpack-2.3 | end-of-life | wheezy | package | |
| rails | fixed | 2.3.14.1 | package | |
| rails | end-of-life | squeeze | package |
Примечания
Starting with 2.3.14.1 rails is a transition package
Связанные уязвимости
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
