CVE-2013-4389
Debian Security Advisory 2888-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
Múltiples vulnerabilidadews de format string en archivos log_subscriber.rb en el componente de suscripción de log de Action Mailer en Ruby on Rails 3.x anterior a 3.2.15 permite a atacantes remotos causar una denegación de servicio a través de una dirección de email manipulada que es manejada de manera inapropiada durante la construcción de un mensaje de log.
Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-12 CVE Reserved
- 2013-10-17 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
References (6)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html | 2023-05-19 | |
| http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html | 2023-05-19 | |
| http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html | 2023-05-19 | |
| http://www.debian.org/security/2014/dsa-2887 | 2023-05-19 | |
| http://www.debian.org/security/2014/dsa-2888 | 2023-05-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | >= 3.0.0 < 3.2.15 Search vendor "Rubyonrails" for product "Rails" and version " >= 3.0.0 < 3.2.15" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 12.2 Search vendor "Opensuse" for product "Opensuse" and version "12.2" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 12.3 Search vendor "Opensuse" for product "Opensuse" and version "12.3" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||