The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-19T22:00:00

Updated: 2024-08-06T15:20:36.703Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1854

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-03-19T22:55:01.000

Modified: 2024-11-21T01:50:31.507

Link: CVE-2013-1854

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-03-18T00:00:00Z

Links: CVE-2013-1854 - Bugzilla