Description

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

Remediation

References

CVE-2013-1854

Related Vulnerabilities

WordPress Plugin Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Cross-Site Scripting (5.1.0)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-25763)

MediaWiki Other Vulnerability (CVE-2005-0534)

WordPress Plugin wp-buddha-free-adwords Security Bypass (1.0.0)

WordPress Plugin DMSGuestbook Multiple Remote Vulnerabilities (1.8.0)

Severity

Medium

Classification

CVE-2013-1854 CWE-20

Tags

Missing Update Known Vulnerabilities