Sha256: 0d64f8da6277d161fc5f482928eaee5935ea928c961225788e57c3c6016667ef

Contents?: true

Size: 694 Bytes

Versions: 1

Compression:

Stored size: 694 Bytes

Contents

--- 
gem: activerecord
framework: rails
cve: 2013-1854
osvdb: 91453
url: https://nvd.nist.gov/vuln/detail/CVE-2013-1854
title: Symbol DoS vulnerability in Active Record
date: 2013-03-19

description: | 
  When a hash is provided as the find value for a query, the keys of
  the hash may be converted to symbols. Carefully crafted requests can
  coerce `params[:name]` to return a hash, and the keys to that hash
  may be converted to symbols. Ruby symbols are not garbage collected,
  so an attacker can initiate a denial of service attack by creating a
  large number of symbols.

cvss_v2: 7.8

unaffected_versions:
  - ~> 3.0.0

patched_versions: 
  - ~> 2.3.18
  - ~> 3.1.12
  - ">= 3.2.13"

Version data entries

1 entry across 1 version & 1 rubygem

Version: bundler-audit-0.7.0.1
Path: data/ruby-advisory-db/gems/activerecord/CVE-2013-1854.yml