CVE-2013-4389 – Debian Security Advisory 2888-1

https://notcve.org/view.php?id=CVE-2013-4389

17 Oct 2013 — Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. Múltiples vulnerabilidadews de format string en archivos log_subscriber.rb en el componente de suscripción de log de Action Mailer en Ruby on Rails 3.x anterior a 3.2.15 permite a atacantes remotos causar una denegac... • http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html • CWE-134: Use of Externally-Controlled Format String •