CVE-2013-1854

NONECVSS 0.0

0.0

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

🔗 References (24)

secalert@redhathttp://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
secalert@redhathttp://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2013-0699.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2014-1863.html
secalert@redhathttp://support.apple.com/kb/HT5784
secalert@redhathttp://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
secalert@redhathttps://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html

Is Your Infrastructure Affected by CVE-2013-1854?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-1854

📅 Published

🔄 Last Modified

🔗 References (24)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-1854?