CVE-2013-1854
rubygem-activerecord: attribute_dos Symbol DoS vulnerability
Descriptions
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected.
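The mechanism both descriptions refer to, as an added illustration that is not Rails code: an attacker-controlled hash reaches a query method, each key is turned into a Symbol, and on the Ruby versions of that era (before Ruby 2.2 introduced symbol garbage collection) every distinct key becomes a permanent symbol-table entry. The column list, function names and the attacker input below are constructed for the example; the hardened variant shows the general defence of checking a client-supplied key as a String against known attribute names before any `to_sym` call.

```ruby
# Added illustration of the CVE-2013-1854 mechanism; this is not Rails code.
# Rails 2.3.x < 2.3.18, 3.1.x < 3.1.12 and 3.2.x < 3.2.13 converted the keys
# of a hash handed to `where` into symbols. On Ruby < 2.2 a symbol was never
# garbage collected, so every distinct key a client sent stayed resident.

# Hypothetical column list standing in for a model's column_names.
ALLOWED_COLUMNS = %w[id name email created_at].freeze

# Vulnerable pattern: trust the client-supplied hash and symbolize every key.
def symbolize_conditions_unsafe(params)
  params.each_with_object({}) { |(key, value), out| out[key.to_sym] = value }
end

# Hardened pattern: compare the incoming key (as a String) against the known
# column names first; only a matching key is ever turned into a Symbol.
def symbolize_conditions_safe(params, allowed = ALLOWED_COLUMNS)
  params.each_with_object({}) do |(key, value), out|
    name = key.to_s
    raise ArgumentError, "unknown attribute #{name.inspect}" unless allowed.include?(name)
    out[name.to_sym] = value
  end
end

# Constructed attacker input: n distinct, never-before-seen keys.
def attacker_params(n, nonce = rand(10**12))
  (1..n).each_with_object({}) { |i, out| out["junk_#{nonce}_#{i}"] = "x" }
end

# Measure how many entries the symbol table gained while the block ran.
# On Ruby >= 2.2 dynamically created symbols are collectable once they are
# unreferenced; the returned hash keeps them alive, so the growth is visible
# here, whereas on Ruby < 2.2 it would be permanent.
def symbol_table_growth
  before = Symbol.all_symbols.size
  result = yield
  [Symbol.all_symbols.size - before, result]
end

if __FILE__ == $PROGRAM_NAME
  growth, _ = symbol_table_growth { symbolize_conditions_unsafe(attacker_params(1_000)) }
  puts "unsafe path: #{growth} new symbols from 1000 attacker keys"
  begin
    symbolize_conditions_safe(attacker_params(1))
  rescue ArgumentError => e
    puts "safe path rejected input: #{e.message}"
  end
  p symbolize_conditions_safe("name" => "alice", "email" => "a@example.com")
end
```

Run it under an old interpreter (1.9.3 or 2.0) with a large key count and watch process memory to see the resource-consumption effect the Red Hat text describes; on a current Ruby the symbols are reclaimed once the hash is dropped, which is why the fixed Rails releases and symbol GC together closed this class of bug.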
Timeline
- 2013-02-19 CVE Reserved
- 2013-03-19 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-20: Improper Input Validation
- CWE-400: Uncontrolled Resource Consumption
References (14)
URL | Tag | Source |
---|---|---|
http://support.apple.com/kb/HT5784 | X_refsource_confirm | |
http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released | X_refsource_confirm | |
https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain | Mailing List | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Rubyonrails | Rails | 2.3.0 | - | Affected |
Rubyonrails | Rails | 2.3.1 | - | Affected |
Rubyonrails | Rails | 2.3.2 | - | Affected |
Rubyonrails | Rails | 2.3.3 | - | Affected |
Rubyonrails | Rails | 2.3.4 | - | Affected |
Rubyonrails | Rails | 2.3.9 | - | Affected |
Rubyonrails | Rails | 2.3.10 | - | Affected |
Rubyonrails | Rails | 2.3.11 | - | Affected |
Rubyonrails | Rails | 2.3.12 | - | Affected |
Rubyonrails | Rails | 2.3.13 | - | Affected |
Rubyonrails | Rails | 2.3.14 | - | Affected |
Rubyonrails | Rails | 2.3.15 | - | Affected |
Rubyonrails | Rails | 2.3.16 | - | Affected |
Rubyonrails | Rails | 3.1.0 | - | Affected |
Rubyonrails | Rails | 3.1.0 | beta1 | Affected |
Rubyonrails | Rails | 3.1.0 | rc1 | Affected |
Rubyonrails | Rails | 3.1.0 | rc2 | Affected |
Rubyonrails | Rails | 3.1.0 | rc3 | Affected |
Rubyonrails | Rails | 3.1.0 | rc4 | Affected |
Rubyonrails | Rails | 3.1.0 | rc5 | Affected |
Rubyonrails | Rails | 3.1.0 | rc6 | Affected |
Rubyonrails | Rails | 3.1.0 | rc7 | Affected |
Rubyonrails | Rails | 3.1.0 | rc8 | Affected |
Rubyonrails | Rails | 3.1.1 | - | Affected |
Rubyonrails | Rails | 3.1.1 | rc1 | Affected |
Rubyonrails | Rails | 3.1.1 | rc2 | Affected |
Rubyonrails | Rails | 3.1.1 | rc3 | Affected |
Rubyonrails | Rails | 3.1.2 | - | Affected |
Rubyonrails | Rails | 3.1.2 | rc1 | Affected |
Rubyonrails | Rails | 3.1.2 | rc2 | Affected |
Rubyonrails | Rails | 3.1.3 | - | Affected |
Rubyonrails | Rails | 3.1.4 | - | Affected |
Rubyonrails | Rails | 3.1.4 | rc1 | Affected |
Rubyonrails | Rails | 3.1.5 | - | Affected |
Rubyonrails | Rails | 3.1.5 | rc1 | Affected |
Rubyonrails | Rails | 3.1.6 | - | Affected |
Rubyonrails | Rails | 3.1.7 | - | Affected |
Rubyonrails | Rails | 3.1.8 | - | Affected |
Rubyonrails | Rails | 3.1.9 | - | Affected |
Rubyonrails | Rails | 3.1.10 | - | Affected |
Rubyonrails | Rails | 3.2.0 | - | Affected |
Rubyonrails | Rails | 3.2.0 | rc1 | Affected |
Rubyonrails | Rails | 3.2.0 | rc2 | Affected |
Rubyonrails | Rails | 3.2.1 | - | Affected |
Rubyonrails | Rails | 3.2.2 | - | Affected |
Rubyonrails | Rails | 3.2.2 | rc1 | Affected |
Rubyonrails | Rails | 3.2.3 | - | Affected |
Rubyonrails | Rails | 3.2.3 | rc1 | Affected |
Rubyonrails | Rails | 3.2.3 | rc2 | Affected |
Rubyonrails | Rails | 3.2.4 | - | Affected |
Rubyonrails | Rails | 3.2.4 | rc1 | Affected |
Rubyonrails | Rails | 3.2.5 | - | Affected |
Rubyonrails | Rails | 3.2.6 | - | Affected |
Rubyonrails | Rails | 3.2.7 | - | Affected |
Rubyonrails | Rails | 3.2.8 | - | Affected |
Rubyonrails | Rails | 3.2.9 | - | Affected |
Rubyonrails | Rails | 3.2.10 | - | Affected |
Rubyonrails | Rails | 3.2.11 | - | Affected |
Rubyonrails | Rails | 3.2.12 | - | Affected |
Rubyonrails | Ruby On Rails | 2.3.17 | - | Affected |
Rubyonrails | Ruby On Rails | 3.1.11 | - | Affected |
Redhat | Enterprise Linux | 6.0 | - | Affected |
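A triage helper, added here and not part of the advisory, that applies the ranges quoted in the description (2.3.x before 2.3.18, 3.1.x before 3.1.12, 3.2.x before 3.2.13) to the activerecord version pinned in a Gemfile.lock. The lockfile excerpt is constructed for the example; series the advisory does not mention (for instance 3.0.x) are reported as unknown rather than guessed.

```ruby
# Added triage helper for CVE-2013-1854; not part of the advisory or of Rails.
# Affected ranges come from the CVE description: 2.3.x < 2.3.18,
# 3.1.x < 3.1.12, 3.2.x < 3.2.13.
require "rubygems"

FIXED_RELEASE = {
  "2.3" => Gem::Version.new("2.3.18"),
  "3.1" => Gem::Version.new("3.1.12"),
  "3.2" => Gem::Version.new("3.2.13"),
}.freeze

# true  -> version is inside an affected range
# false -> version is at or past the fixed release of that series
# nil   -> series not covered by the advisory text (no claim made)
def activerecord_affected?(version_string)
  v = Gem::Version.new(version_string)
  series = v.segments[0, 2].join(".")      # "3.2.0.rc1" -> "3.2"
  fixed = FIXED_RELEASE[series]
  return nil unless fixed
  v < fixed
end

# Pull the locked activerecord version out of Gemfile.lock text. The spec
# line is "    activerecord (3.2.12)"; dependency lines such as
# "      activerecord (= 3.2.12)" under another gem are skipped because the
# capture must start with a digit.
def locked_activerecord_version(lockfile_text)
  m = lockfile_text.match(/^\s+activerecord \((\d[^)]*)\)/)
  m && m[1]
end

# Constructed sample lockfile excerpt (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activemodel (3.2.12)
      activerecord (3.2.12)
        activemodel (= 3.2.12)
        activesupport (= 3.2.12)
      activesupport (3.2.12)
      rails (3.2.12)
        activerecord (= 3.2.12)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  version = locked_activerecord_version(text)
  case activerecord_affected?(version)
  when true  then puts "activerecord #{version}: AFFECTED, upgrade to the fixed release"
  when false then puts "activerecord #{version}: not affected (fixed release)"
  else            puts "activerecord #{version.inspect}: series not covered by this advisory"
  end
end
```

Usage: `ruby check_ar.rb path/to/Gemfile.lock`; with no argument it runs against the embedded sample, which reports 3.2.12 as affected.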