// For flags

CVE-2013-1854

rubygem-activerecord: attribute_dos Symbol DoS vulnerability

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

El componente Active Record en Ruby on Rails v2.3.x anterior a v2.3.18, v3.1.x anterior a v3.1.12, y v3.2.x anterior a v3.2.13, procesa determinadas consultas mediante la conversión de los hash de las claves a símbolos, lo que permite a atacantes remotos provocar una denegación de servicio a través de una entrada manipulada al método "where".

A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-02-19 CVE Reserved
  • 2013-03-19 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.0
Search vendor "Rubyonrails" for product "Rails" and version "2.3.0"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.1
Search vendor "Rubyonrails" for product "Rails" and version "2.3.1"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.2
Search vendor "Rubyonrails" for product "Rails" and version "2.3.2"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.3
Search vendor "Rubyonrails" for product "Rails" and version "2.3.3"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.4
Search vendor "Rubyonrails" for product "Rails" and version "2.3.4"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.9
Search vendor "Rubyonrails" for product "Rails" and version "2.3.9"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.10
Search vendor "Rubyonrails" for product "Rails" and version "2.3.10"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.11
Search vendor "Rubyonrails" for product "Rails" and version "2.3.11"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.12
Search vendor "Rubyonrails" for product "Rails" and version "2.3.12"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.13
Search vendor "Rubyonrails" for product "Rails" and version "2.3.13"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.14
Search vendor "Rubyonrails" for product "Rails" and version "2.3.14"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.15
Search vendor "Rubyonrails" for product "Rails" and version "2.3.15"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
2.3.16
Search vendor "Rubyonrails" for product "Rails" and version "2.3.16"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
beta1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
rc1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
rc2
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
rc3
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
rc4
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
rc5
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
rc6
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
rc7
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.0
Search vendor "Rubyonrails" for product "Rails" and version "3.1.0"
rc8
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.1
Search vendor "Rubyonrails" for product "Rails" and version "3.1.1"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.1
Search vendor "Rubyonrails" for product "Rails" and version "3.1.1"
rc1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.1
Search vendor "Rubyonrails" for product "Rails" and version "3.1.1"
rc2
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.1
Search vendor "Rubyonrails" for product "Rails" and version "3.1.1"
rc3
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.2
Search vendor "Rubyonrails" for product "Rails" and version "3.1.2"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.2
Search vendor "Rubyonrails" for product "Rails" and version "3.1.2"
rc1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.2
Search vendor "Rubyonrails" for product "Rails" and version "3.1.2"
rc2
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.3
Search vendor "Rubyonrails" for product "Rails" and version "3.1.3"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.4
Search vendor "Rubyonrails" for product "Rails" and version "3.1.4"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.4
Search vendor "Rubyonrails" for product "Rails" and version "3.1.4"
rc1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.5
Search vendor "Rubyonrails" for product "Rails" and version "3.1.5"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.5
Search vendor "Rubyonrails" for product "Rails" and version "3.1.5"
rc1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.6
Search vendor "Rubyonrails" for product "Rails" and version "3.1.6"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.7
Search vendor "Rubyonrails" for product "Rails" and version "3.1.7"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.8
Search vendor "Rubyonrails" for product "Rails" and version "3.1.8"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.9
Search vendor "Rubyonrails" for product "Rails" and version "3.1.9"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.1.10
Search vendor "Rubyonrails" for product "Rails" and version "3.1.10"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.0
Search vendor "Rubyonrails" for product "Rails" and version "3.2.0"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.0
Search vendor "Rubyonrails" for product "Rails" and version "3.2.0"
rc1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.0
Search vendor "Rubyonrails" for product "Rails" and version "3.2.0"
rc2
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.1
Search vendor "Rubyonrails" for product "Rails" and version "3.2.1"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.2
Search vendor "Rubyonrails" for product "Rails" and version "3.2.2"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.2
Search vendor "Rubyonrails" for product "Rails" and version "3.2.2"
rc1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.3
Search vendor "Rubyonrails" for product "Rails" and version "3.2.3"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.3
Search vendor "Rubyonrails" for product "Rails" and version "3.2.3"
rc1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.3
Search vendor "Rubyonrails" for product "Rails" and version "3.2.3"
rc2
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.4
Search vendor "Rubyonrails" for product "Rails" and version "3.2.4"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.4
Search vendor "Rubyonrails" for product "Rails" and version "3.2.4"
rc1
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.5
Search vendor "Rubyonrails" for product "Rails" and version "3.2.5"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.6
Search vendor "Rubyonrails" for product "Rails" and version "3.2.6"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.7
Search vendor "Rubyonrails" for product "Rails" and version "3.2.7"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.8
Search vendor "Rubyonrails" for product "Rails" and version "3.2.8"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.9
Search vendor "Rubyonrails" for product "Rails" and version "3.2.9"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.10
Search vendor "Rubyonrails" for product "Rails" and version "3.2.10"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.11
Search vendor "Rubyonrails" for product "Rails" and version "3.2.11"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Rails
Search vendor "Rubyonrails" for product "Rails"
3.2.12
Search vendor "Rubyonrails" for product "Rails" and version "3.2.12"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Ruby On Rails
Search vendor "Rubyonrails" for product "Ruby On Rails"
2.3.17
Search vendor "Rubyonrails" for product "Ruby On Rails" and version "2.3.17"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
Ruby On Rails
Search vendor "Rubyonrails" for product "Ruby On Rails"
3.1.11
Search vendor "Rubyonrails" for product "Ruby On Rails" and version "3.1.11"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
6.0
Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"
-
Affected