Lucene search

K
redhatRedHatRHSA-2013:0699
HistoryApr 02, 2013 - 12:00 a.m.

(RHSA-2013:0699) Moderate: ruby193-rubygem-activerecord security update

2013-04-0200:00:00
access.redhat.com
17

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.089 Low

EPSS

Percentile

93.6%

Ruby on Rails is a model–view–controller (MVC) framework for web
application development. Active Record implements object-relational mapping
for accessing database entries using objects.

A flaw was found in the way hashes were handled in certain queries. A
remote attacker could use this flaw to perform a denial of service
(resource consumption) attack by sending specially-crafted queries that
would result in the creation of Ruby symbols, which were never garbage
collected. (CVE-2013-1854)

Red Hat would like to thank Ruby on Rails upstream for reporting this
issue. Upstream acknowledges Ben Murphy as the original reporter.

Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these
updated packages, which correct this issue.

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.089 Low

EPSS

Percentile

93.6%

Related for RHSA-2013:0699