Bug #1747

Vulnerability in ruby-activerecord < 3.2.13 allows remote denial of service

Added by Leonardo Arena about 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: High
Assignee: -
Category: Security
Target version:
Start date: 03/29/2013
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs:

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
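
A way to check a deployment against the version ranges quoted above, as an added example (not part of the original report or of Alpine's packaging). The `Gemfile.lock` text is constructed sample input, the helper names are hypothetical, and only the ranges listed in the CVE text are encoded.

```ruby
require 'rubygems'

# Affected ranges exactly as listed in the CVE-2013-1854 text above.
AFFECTED_RANGES = [
  Gem::Requirement.new('~> 2.3.0', '< 2.3.18'),
  Gem::Requirement.new('~> 3.1.0', '< 3.1.12'),
  Gem::Requirement.new('~> 3.2.0', '< 3.2.13')
].freeze

# True when the given version string falls in one of the listed ranges.
def affected_by_cve_2013_1854?(version)
  v = Gem::Version.new(version)
  AFFECTED_RANGES.any? { |req| req.satisfied_by?(v) }
end

# Resolved gems in a Gemfile.lock "specs:" section are indented four spaces;
# dependency constraints are indented six and are deliberately not matched.
def locked_activerecord_version(lockfile_text)
  m = lockfile_text.match(/^ {4}activerecord \(([^)]+)\)$/)
  m && m[1]
end

# Returns :affected, :not_affected, or :not_present for a lockfile's contents.
def audit_lockfile(lockfile_text)
  version = locked_activerecord_version(lockfile_text)
  return :not_present if version.nil?
  affected_by_cve_2013_1854?(version) ? :affected : :not_affected
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activemodel (3.2.12)
        activesupport (= 3.2.12)
      activerecord (3.2.12)
        activemodel (= 3.2.12)
        arel (~> 3.0.2)
      arel (3.0.2)
LOCK

puts "activerecord #{locked_activerecord_version(SAMPLE_LOCK)}: #{audit_lockfile(SAMPLE_LOCK)}"
```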


Subtasks

Bug #1748: Vulnerability in ruby-activerecord < 3.2.13 allows remote denial of service (Closed)

Bug #1749: Vulnerability in ruby-activerecord < 2.3.18 allows remote denial of service (Closed)

Bug #1750: Vulnerability in ruby-activerecord < 2.3.18 allows remote denial of service (Closed)

Associated revisions

Revision 4620dcb6 (diff)
Added by Natanael Copa about 6 years ago

main/ruby-activerecord: security upgrade to 3.2.13 (CVE-2013-1854)

fixes #1747

History

#1 Updated by Natanael Copa about 6 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Natanael Copa about 6 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
