GHSA-mpxf-gcw2-pw5q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mpxf-gcw2-pw5q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-mpxf-gcw2-pw5q/GHSA-mpxf-gcw2-pw5q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mpxf-gcw2-pw5q
- Aliases
-
- CVE-2013-6414
- Published
- 2017-10-24T18:33:37Z
- Modified
- 2024-11-29T05:41:37.664367Z
- Summary
- actionpack Improper Input Validation vulnerability
- Details
-
actionpack/lib/action_view/lookup_context.rbin Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching. - Database specific
{ "nvd_published_at": "2013-12-07T00:55:03Z", "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:46:47Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-6414
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml
- https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ
- https://puppet.com/security/cve/cve-2013-6414
- https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836
- https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
- http://rhn.redhat.com/errata/RHSA-2013-1794.html
- http://rhn.redhat.com/errata/RHSA-2014-0008.html
- http://rhn.redhat.com/errata/RHSA-2014-1863.html
- http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
- http://www.debian.org/security/2014/dsa-2888
- http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
Affected packages
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack
Affected versions
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4.rc1
3.0.4
3.0.5.rc1
3.0.5
3.0.6.rc1
3.0.6.rc2
3.0.6
3.0.7.rc1
3.0.7.rc2
3.0.7
3.0.8.rc1
3.0.8.rc2
3.0.8.rc4
3.0.8
3.0.9.rc1
3.0.9.rc3
3.0.9.rc4
3.0.9.rc5
3.0.9
3.0.10.rc1
3.0.10
3.0.11
3.0.12.rc1
3.0.12
3.0.13.rc1
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.1.0.beta1
3.1.0.rc1
3.1.0.rc2
3.1.0.rc3
3.1.0.rc4
3.1.0.rc5
3.1.0.rc6
3.1.0.rc8
3.1.0
3.1.1.rc1
3.1.1.rc2
3.1.1.rc3
3.1.1
3.1.2.rc1
3.1.2.rc2
3.1.2
3.1.3
3.1.4.rc1
3.1.4
3.1.5.rc1
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.2.0.rc1
3.2.0.rc2
3.2.0
3.2.1
3.2.2.rc1
3.2.2
3.2.3.rc1
3.2.3.rc2
3.2.3
3.2.4.rc1
3.2.4
3.2.5
3.2.6
3.2.7.rc1
3.2.7
3.2.8.rc1
3.2.8.rc2
3.2.8
3.2.9.rc1
3.2.9.rc2
3.2.9.rc3
3.2.9
3.2.10
3.2.11
3.2.12
3.2.13.rc1
3.2.13.rc2
3.2.13
3.2.14.rc1
3.2.14.rc2
3.2.14
3.2.15.rc1
3.2.15.rc2
3.2.15.rc3
3.2.15
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack