Description

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

Remediation

References

CVE-2014-0082

Related Vulnerabilities

WordPress Plugin Ultimate WordPress Auction Cross-Site Request Forgery (1.0.0)

Seo Panel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-100024)

WordPress Plugin MailPoet Newsletters (Previous) Multiple Vulnerabilities (2.7.2)

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-40035)

OpenSSL Other Vulnerability (CVE-2010-4180)

Severity

Medium

Classification

CVE-2014-0082 CWE-20

Tags

Missing Update Known Vulnerabilities