Lucene search

[email protected]CVE-2013-1854

HistoryMar 19, 2013 - 10:55 p.m.

CVE-2013-1854

2013-03-1922:55:01

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-1854

active record

ruby on rails

denial of service

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.089 Low

EPSS

Percentile

94.6%

JSON

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

Affected configurations

NVD

Node

rubyonrailsrailsMatch2.3.0

rubyonrailsrailsMatch2.3.1

rubyonrailsrailsMatch2.3.2

rubyonrailsrailsMatch2.3.3

rubyonrailsrailsMatch2.3.4

rubyonrailsrailsMatch2.3.9

rubyonrailsrailsMatch2.3.10

rubyonrailsrailsMatch2.3.11

rubyonrailsrailsMatch2.3.12

rubyonrailsrailsMatch2.3.13

rubyonrailsrailsMatch2.3.14

rubyonrailsrailsMatch2.3.15

rubyonrailsrailsMatch2.3.16

rubyonrailsrailsMatch3.1.0

rubyonrailsrailsMatch3.1.0beta1

rubyonrailsrailsMatch3.1.0rc1

rubyonrailsrailsMatch3.1.0rc2

rubyonrailsrailsMatch3.1.0rc3

rubyonrailsrailsMatch3.1.0rc4

rubyonrailsrailsMatch3.1.0rc5

rubyonrailsrailsMatch3.1.0rc6

rubyonrailsrailsMatch3.1.0rc7

rubyonrailsrailsMatch3.1.0rc8

rubyonrailsrailsMatch3.1.1

rubyonrailsrailsMatch3.1.1rc1

rubyonrailsrailsMatch3.1.1rc2

rubyonrailsrailsMatch3.1.1rc3

rubyonrailsrailsMatch3.1.2

rubyonrailsrailsMatch3.1.2rc1

rubyonrailsrailsMatch3.1.2rc2

rubyonrailsrailsMatch3.1.3

rubyonrailsrailsMatch3.1.4

rubyonrailsrailsMatch3.1.4rc1

rubyonrailsrailsMatch3.1.5

rubyonrailsrailsMatch3.1.5rc1

rubyonrailsrailsMatch3.1.6

rubyonrailsrailsMatch3.1.7

rubyonrailsrailsMatch3.1.8

rubyonrailsrailsMatch3.1.9

rubyonrailsrailsMatch3.1.10

rubyonrailsrailsMatch3.2.0

rubyonrailsrailsMatch3.2.0rc1

rubyonrailsrailsMatch3.2.0rc2

rubyonrailsrailsMatch3.2.1

rubyonrailsrailsMatch3.2.2

rubyonrailsrailsMatch3.2.2rc1

rubyonrailsrailsMatch3.2.3

rubyonrailsrailsMatch3.2.3rc1

rubyonrailsrailsMatch3.2.3rc2

rubyonrailsrailsMatch3.2.4

rubyonrailsrailsMatch3.2.4rc1

rubyonrailsrailsMatch3.2.5

rubyonrailsrailsMatch3.2.6

rubyonrailsrailsMatch3.2.7

rubyonrailsrailsMatch3.2.8

rubyonrailsrailsMatch3.2.9

rubyonrailsrailsMatch3.2.10

rubyonrailsrailsMatch3.2.11

rubyonrailsrailsMatch3.2.12

rubyonrailsruby_on_railsMatch2.3.17

rubyonrailsruby_on_railsMatch3.1.11

Node

redhatenterprise_linuxMatch6.0

CPENameOperatorVersion
rubyonrails:railsrubyonrails railseq2.3.0
rubyonrails:railsrubyonrails railseq2.3.1
rubyonrails:railsrubyonrails railseq2.3.2
rubyonrails:railsrubyonrails railseq2.3.3
rubyonrails:railsrubyonrails railseq2.3.4
rubyonrails:railsrubyonrails railseq2.3.9
rubyonrails:railsrubyonrails railseq2.3.10
rubyonrails:railsrubyonrails railseq2.3.11
rubyonrails:railsrubyonrails railseq2.3.12
rubyonrails:railsrubyonrails railseq2.3.13

CPE	Name	Operator	Version
rubyonrails:rails	rubyonrails rails	eq	2.3.0
rubyonrails:rails	rubyonrails rails	eq	2.3.1
rubyonrails:rails	rubyonrails rails	eq	2.3.2
rubyonrails:rails	rubyonrails rails	eq	2.3.3
rubyonrails:rails	rubyonrails rails	eq	2.3.4
rubyonrails:rails	rubyonrails rails	eq	2.3.9
rubyonrails:rails	rubyonrails rails	eq	2.3.10
rubyonrails:rails	rubyonrails rails	eq	2.3.11
rubyonrails:rails	rubyonrails rails	eq	2.3.12
rubyonrails:rails	rubyonrails rails	eq	2.3.13