Description
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Forms PHP Object Injection (0.87)
WordPress Plugin School Management System-WPSchoolPress Multiple Vulnerabilities (2.1.9)
WordPress Plugin WishList Member X Remote Code Execution (3.25.1)
XWiki Incorrect Use of Privileged APIs Vulnerability (CVE-2022-24821)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9046)