WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-1854)

Description

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

Remediation

References

Related Vulnerabilities

Artifactory CVE-2024-3505 Vulnerability (CVE-2024-3505)

Drupal Files or Directories Accessible to External Parties Vulnerability (CVE-2017-6922)

PHP Resource Management Errors Vulnerability (CVE-2007-4660)

Mailman Other Vulnerability (CVE-2004-0182)

MySQL Improper Input Validation Vulnerability (CVE-2006-4227)

Severity

Medium

Classification

CVE-2013-1854 CWE-20

Tags

Missing Update Known Vulnerabilities