Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-1854

Опубликовано: 18 мар. 2013
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Enterprise 1rubygem-activerecordNot affected
Red Hat CloudForms Tools 1rubygem-activerecordWill not fix
Red Hat Satellite 6ruby193-rubygem-activerecordAffected
Red Hat Subscription Asset Managerrubygem-activerecordWill not fix
Red Hat Subscription Asset Manager 1.4katelloFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-actionmailerFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-actionpackFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-activemodelFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-activerecordFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-activeresourceFixedRHSA-2014:186317.11.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=921329rubygem-activerecord: attribute_dos Symbol DoS vulnerability

EPSS

Процентиль: 82%
0.01795
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-1854

ubuntu
почти 13 лет назад

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

nvd логотип

CVE-2013-1854

nvd
почти 13 лет назад

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

debian логотип

CVE-2013-1854

debian
почти 13 лет назад

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1. ...

github логотип

GHSA-3crr-9vmg-864v

github
больше 8 лет назад

Active Record Improper Input Validation

EPSS

Процентиль: 82%
0.01795
Низкий

4.3 Medium

CVSS2