Sha256: 19d3b95bc5db0644448b1e3453743c95dec9141503e340e16182e889f6441a30
Contents?: true
Size: 681 Bytes
Versions: 14
Compression:
Stored size: 681 Bytes
Contents
---
gem: activerecord
framework: rails
cve: 2013-1854
osvdb: 91453
url: http://osvdb.org/show/osvdb/91453
title: Symbol DoS vulnerability in Active Record
date: 2013-03-19
description: |
  When a hash is provided as the find value for a query, the keys of
  the hash may be converted to symbols. Carefully crafted requests can
  coerce `params[:name]` to return a hash, and the keys to that hash
  may be converted to symbols. Ruby symbols are not garbage collected,
  so an attacker can initiate a denial of service attack by creating a
  large number of symbols.
cvss_v2: 7.8
unaffected_versions:
  - ~> 3.0.0
patched_versions:
  - ~> 2.3.18
  - ~> 3.1.12
  - ">= 3.2.13"
Version data entries
14 entries across 14 versions & 3 rubygems