Moderate severity vulnerability that affects activerecord

2017-10-24T18:33:37
ID GHSA-3CRR-9VMG-864V
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:00

Description

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.