
CVE ID: CVE-2013-1854
Description: The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
Test IDs: None available
Cross References: Common Vulnerabilities and Exposures (CVE) ID: CVE-2013-1854
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain
RedHat Security Advisories: RHSA-2013:0699
http://rhn.redhat.com/errata/RHSA-2013-0699.html
RedHat Security Advisories: RHSA-2014:1863
http://rhn.redhat.com/errata/RHSA-2014-1863.html
SuSE Security Announcement: openSUSE-SU-2013:0659
http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html
SuSE Security Announcement: openSUSE-SU-2013:0660
http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html
SuSE Security Announcement: openSUSE-SU-2013:0664
http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html
SuSE Security Announcement: openSUSE-SU-2013:0667
http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html
SuSE Security Announcement: openSUSE-SU-2013:0668
http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html




© 1998-2021 E-Soft Inc. All rights reserved.