CVE-2013-1854

Опубликовано: 19 мар. 2013

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01795

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2013-1854

ubuntu

почти 13 лет назад

CVE-2013-1854

redhat

почти 13 лет назад

CVE-2013-1854

debian

почти 13 лет назад

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1. ...

GHSA-3crr-9vmg-864v

github

больше 8 лет назад

Active Record Improper Input Validation

EPSS

Процентиль: 82%

0.01795

Низкий

5 Medium

CVSS2

Дефекты

CWE-20