An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcnItOXZtZy04NjR2

Improper Input Validation in Active Record

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: 3 months ago

Identifiers: GHSA-3crr-9vmg-864v, CVE-2013-1854

Affected Packages

Versions: >= 3.2.0, < 3.2.13; >= 3.1.0, < 3.1.12; >= 2.3.0, < 2.3.18
Fixed in: 3.2.13, 3.1.12, 2.3.18