CVE-2013-1854

🗓️ 19 Mar 2013 22:00:00Reported by redhatType

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, leading to a denial of service via crafted input

Reporter	Title	Published	Views	Family All 47
IBM Security Bulletins	Security Bulletin: IBM Security Network Protection can be affected by Cross-Site Scripting and Symbol Denial of Service vulnerabilities in Ruby on Rails (CVE-2013-1854, CVE-2013-1857, CVE-2013-1855)	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Aspera Console	25 Sep 202516:50	–	ibm
Cvelist	CVE-2013-1854	19 Mar 201322:00	–	cvelist
FreeBSD	rubygem-rails -- multiple vulnerabilities	18 Mar 201300:00	–	freebsd
Debian	[SECURITY] [DSA 2655-1] rails security update	28 Mar 201316:15	–	debian
Debian CVE	CVE-2013-1854	19 Mar 201322:00	–	debiancve
Tenable Nessus	Debian DSA-2655-1 : rails - several vulnerabilities	29 Mar 201300:00	–	nessus
Tenable Nessus	Fedora 18 : rubygem-activerecord-3.2.8-5.fc18 (2013-4139)	1 Apr 201300:00	–	nessus
Tenable Nessus	FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)	12 Apr 201300:00	–	nessus
Tenable Nessus	GLSA-201412-28 : Ruby on Rails: Multiple vulnerabilities	15 Dec 201400:00	–	nessus

NVD

Node

rubyonrails railsMatch2.3.0

rubyonrails railsMatch2.3.1

rubyonrails railsMatch2.3.2

rubyonrails railsMatch2.3.3

rubyonrails railsMatch2.3.4

rubyonrails railsMatch2.3.9

rubyonrails railsMatch2.3.10

rubyonrails railsMatch2.3.11

rubyonrails railsMatch2.3.12

rubyonrails railsMatch2.3.13

rubyonrails railsMatch2.3.14

rubyonrails railsMatch2.3.15

rubyonrails railsMatch2.3.16

rubyonrails railsMatch3.1.0

rubyonrails railsMatch3.1.0beta1

rubyonrails railsMatch3.1.0rc1

rubyonrails railsMatch3.1.0rc2

rubyonrails railsMatch3.1.0rc3

rubyonrails railsMatch3.1.0rc4

rubyonrails railsMatch3.1.0rc5

rubyonrails railsMatch3.1.0rc6

rubyonrails railsMatch3.1.0rc7

rubyonrails railsMatch3.1.0rc8

rubyonrails railsMatch3.1.1

rubyonrails railsMatch3.1.1rc1

rubyonrails railsMatch3.1.1rc2

rubyonrails railsMatch3.1.1rc3

rubyonrails railsMatch3.1.2

rubyonrails railsMatch3.1.2rc1

rubyonrails railsMatch3.1.2rc2

rubyonrails railsMatch3.1.3

rubyonrails railsMatch3.1.4

rubyonrails railsMatch3.1.4rc1

rubyonrails railsMatch3.1.5

rubyonrails railsMatch3.1.5rc1

rubyonrails railsMatch3.1.6

rubyonrails railsMatch3.1.7

rubyonrails railsMatch3.1.8

rubyonrails railsMatch3.1.9

rubyonrails railsMatch3.1.10

rubyonrails railsMatch3.2.0

rubyonrails railsMatch3.2.0rc1

rubyonrails railsMatch3.2.0rc2

rubyonrails railsMatch3.2.1

rubyonrails railsMatch3.2.2

rubyonrails railsMatch3.2.2rc1

rubyonrails railsMatch3.2.3

rubyonrails railsMatch3.2.3rc1

rubyonrails railsMatch3.2.3rc2

rubyonrails railsMatch3.2.4

rubyonrails railsMatch3.2.4rc1

rubyonrails railsMatch3.2.5

rubyonrails railsMatch3.2.6

rubyonrails railsMatch3.2.7

rubyonrails railsMatch3.2.8

rubyonrails railsMatch3.2.9

rubyonrails railsMatch3.2.10

rubyonrails railsMatch3.2.11

rubyonrails railsMatch3.2.12

rubyonrails ruby_on_railsMatch2.3.17

rubyonrails ruby_on_railsMatch3.1.11

Node

redhat enterprise_linuxMatch6.0

Source	Link
support	www.support.apple.com/kb/HT5784
lists	www.lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
rhn	www.rhn.redhat.com/errata/RHSA-2013-0699.html
lists	www.lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
lists	www.lists.opensuse.org/opensuse-updates/2013-04/msg00075.html
lists	www.lists.opensuse.org/opensuse-updates/2013-04/msg00079.html
lists	www.lists.opensuse.org/opensuse-updates/2013-04/msg00070.html
lists	www.lists.opensuse.org/opensuse-updates/2013-04/msg00071.html
lists	www.lists.opensuse.org/opensuse-updates/2013-04/msg00078.html
weblog	www.weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

29 Apr 2026 01:13Current

6.3Medium risk

Vulners AI Score6.3

CVSS 25

EPSS0.01795

CWE-20