Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-1854HistoryMar 19, 2013 - 10:55 p.m.
CVE-2013-1854
2013-03-1922:55:01
Debian Security Bug Tracker
security-tracker.debian.org
21
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.089 Low
EPSS
Percentile
94.6%
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | rails | < 2.3.14.1 | rails_2.3.14.1_all.deb |
| Debian | 11 | all | rails | < 2.3.14.1 | rails_2.3.14.1_all.deb |
| Debian | 999 | all | rails | < 2.3.14.1 | rails_2.3.14.1_all.deb |
| Debian | 13 | all | rails | < 2.3.14.1 | rails_2.3.14.1_all.deb |
Related
nessus
nessus
RHEL 6 : ruby193-rubygem-activerecord (RHSA-2013:0699)
2018-12-06 00:00:00
prion
prion
Design/Logic Flaw
2013-03-19 22:55:00
ubuntucve
ubuntucve
CVE-2013-1854
2013-03-19 00:00:00
github
github
Active Record Improper Input Validation
2017-10-24 18:33:37
gitlab
gitlab
Symbol DoS vulnerability in Active Record
2013-03-19 00:00:00
osv
osv
Active Record Improper Input Validation
2017-10-24 18:33:37
nvd
nvd
CVE-2013-1854
2013-03-19 22:55:01
cve
cve
CVE-2013-1854
2013-03-19 22:55:01
cvelist
cvelist
CVE-2013-1854
2013-03-19 22:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:51:20
redhat
redhat
(RHSA-2013:0699) Moderate: ruby193-rubygem-activerecord security update
2013-04-02 00:00:00
(RHSA-2014:1863) Important: Subscription Asset Manager 1.4 security update
2014-11-17 00:00:00
rubygems
rubygems
CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability
2013-03-18 20:00:00
openvas
openvas
Fedora Update for rubygem-activerecord FEDORA-2013-4139
2013-04-02 00:00:00
Fedora Update for rubygem-activerecord FEDORA-2013-4139
2013-04-02 00:00:00
Debian: Security Advisory (DSA-2655-1)
2013-03-27 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activerecord-3.2.8-5.fc18
2013-03-30 21:32:07
ibm
ibm
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-03-18 00:00:00
threatpost
threatpost
Ruby on Rails Patches DoS, XSS Vulnerabilities
2013-03-19 16:31:57
debian
debian
[SECURITY] [DSA 2655-1] rails security update
2013-03-28 16:15:56
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
securityvulns
securityvulns
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.089 Low
EPSS
Percentile
94.6%
Related for DEBIANCVE:CVE-2013-1854