Description
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-3054 Vulnerability (CVE-2018-3054)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.25)
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.27)
OpenSSL Resource Management Errors Vulnerability (CVE-2006-2940)
WordPress Plugin PayPal Digital Goods powered by Cleeng Cross-Site Scripting (2.2.13)