GHSA-7cgp-c3g7-qvrw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7cgp-c3g7-qvrw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-7cgp-c3g7-qvrw/GHSA-7cgp-c3g7-qvrw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7cgp-c3g7-qvrw
- Aliases
- Published
- 2017-10-24T18:33:36Z
- Modified
- 2024-12-02T05:45:01.069702Z
- Summary
- actionpack Improper Input Validation vulnerability
- Details
-
actionpack/lib/action_view/template/text.rbin Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the:textoption to therendermethod, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. - Database specific
{ "nvd_published_at": "2014-02-20T15:27:09Z", "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:22:28Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-0082
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml
- https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ
- https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
- http://openwall.com/lists/oss-security/2014/02/18/10
- http://rhn.redhat.com/errata/RHSA-2014-0215.html
- http://rhn.redhat.com/errata/RHSA-2014-0306.html
- http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
Affected packages
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack
Affected versions
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4.rc1
3.0.4
3.0.5.rc1
3.0.5
3.0.6.rc1
3.0.6.rc2
3.0.6
3.0.7.rc1
3.0.7.rc2
3.0.7
3.0.8.rc1
3.0.8.rc2
3.0.8.rc4
3.0.8
3.0.9.rc1
3.0.9.rc3
3.0.9.rc4
3.0.9.rc5
3.0.9
3.0.10.rc1
3.0.10
3.0.11
3.0.12.rc1
3.0.12
3.0.13.rc1
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.1.0.beta1
3.1.0.rc1
3.1.0.rc2
3.1.0.rc3
3.1.0.rc4
3.1.0.rc5
3.1.0.rc6
3.1.0.rc8
3.1.0
3.1.1.rc1
3.1.1.rc2
3.1.1.rc3
3.1.1
3.1.2.rc1
3.1.2.rc2
3.1.2
3.1.3
3.1.4.rc1
3.1.4
3.1.5.rc1
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.2.0.rc1
3.2.0.rc2
3.2.0
3.2.1
3.2.2.rc1
3.2.2
3.2.3.rc1
3.2.3.rc2
3.2.3
3.2.4.rc1
3.2.4
3.2.5
3.2.6
3.2.7.rc1
3.2.7
3.2.8.rc1
3.2.8.rc2
3.2.8
3.2.9.rc1
3.2.9.rc2
3.2.9.rc3
3.2.9
3.2.10
3.2.11
3.2.12
3.2.13.rc1
3.2.13.rc2
3.2.13
3.2.14.rc1
3.2.14.rc2
3.2.14
3.2.15.rc1
3.2.15.rc2
3.2.15.rc3
3.2.15
3.2.16