Vulnerability in ruby-activerecord < 2.3.18 allows remote denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x
before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by
converting hash keys to symbols, which allows remote attackers to cause
a denial of service via crafted input to a where method.
(from redmine: issue id 1749, created on 2013-03-29, closed on 2013-04-17)
- Relations:
- parent #1747 (closed)
- Changesets:
- Revision a17632e5 by Natanael Copa on 2013-04-12T14:17:17Z:
main/ruby-activerecord: security upgrade to 2.3.18 (CVE-2013-1854)
fixes #1749
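
A check for the affected ranges quoted in the CVE text above, added here as an example; it is not part of the original issue or of the Alpine or Rails projects. The helper names and the constructed `Gemfile.lock` sample are assumptions for illustration, and release series the advisory does not list are reported as not affected.

```ruby
require "rubygems"

# Fixed release for each affected series, taken from the CVE text above.
FIXED_IN = {
  "2.3" => Gem::Version.new("2.3.18"),
  "3.1" => Gem::Version.new("3.1.12"),
  "3.2" => Gem::Version.new("3.2.13"),
}.freeze

# True when the version belongs to a series named in the advisory and
# predates that series' fixed release. Hypothetical helper name.
def affected_by_cve_2013_1854?(version)
  v = Gem::Version.new(version)
  series = v.segments.first(2).join(".")
  fixed = FIXED_IN[series]
  !fixed.nil? && v < fixed
rescue ArgumentError
  false # unparseable version string: report nothing rather than guess
end

# Finds resolved activerecord entries in Gemfile.lock text. Resolved specs
# are indented four spaces; the deeper dependency lines carry constraints
# such as "(= 3.2.12)" and are deliberately not matched.
def scan_lockfile(text)
  text.each_line.filter_map do |line|
    m = line.match(/\A {4}activerecord \(([^)\s]+)\)\s*\z/)
    next unless m
    { version: m[1], affected: affected_by_cve_2013_1854?(m[1]) }
  end
end

# Constructed sample input, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activemodel (3.2.12)
        activesupport (= 3.2.12)
      activerecord (3.2.12)
        activemodel (= 3.2.12)
        arel (~> 3.0.2)
LOCK

if __FILE__ == $PROGRAM_NAME
  scan_lockfile(SAMPLE_LOCK).each do |hit|
    puts "activerecord #{hit[:version]}: #{hit[:affected] ? 'AFFECTED' : 'ok'}"
  end
end
```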