CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.089 Low (Percentile: 93.6%)

Ruby on Rails is a model–view–controller (MVC) framework for web
application development. Active Record implements object-relational mapping
for accessing database entries using objects.
A flaw was found in the way hashes were handled in certain queries. A
remote attacker could use this flaw to perform a denial of service
(resource consumption) attack by sending specially crafted queries that
would result in the creation of Ruby symbols, which were never garbage
collected. (CVE-2013-1854)
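
The class of flaw described above, as an added Ruby example that is not Active Record's code or the upstream fix: it contrasts interning untrusted hash keys as symbols with an allowlist check on string keys. The `FILTERABLE` allowlist, both function names and the sample parameters are assumptions made for illustration.

```ruby
require "set"

# Hypothetical allowlist of column names a client may filter on.
FILTERABLE = Set.new(%w[name email status]).freeze

# Risky pattern: every distinct key in untrusted input is interned as a
# symbol. On Ruby before 2.2 (including the 1.9.3 stack this advisory
# covers) symbols are never garbage collected, so memory only grows.
def symbolized_conditions(untrusted)
  untrusted.each_with_object({}) { |(key, value), out| out[key.to_sym] = value }
end

# Hardened pattern: keys stay strings and are checked against the
# allowlist; only scalar values are accepted, so a hash supplied where a
# plain value is expected never reaches the query layer.
# Returns [accepted_conditions, rejected_key_names].
def safe_conditions(untrusted)
  accepted = {}
  rejected = []
  untrusted.each do |key, value|
    name = key.to_s
    scalar = value.is_a?(String) || value.is_a?(Numeric)
    if FILTERABLE.include?(name) && scalar
      accepted[name] = value.to_s
    else
      rejected << name
    end
  end
  [accepted, rejected]
end

# Constructed sample input standing in for parsed request parameters.
SAMPLE = {
  "name"            => "alice",
  "status"          => { "k1" => "x", "k2" => "y" }, # hash where a scalar is expected
  "zz_unlisted_key" => "1"
}.freeze

if __FILE__ == $PROGRAM_NAME
  accepted, rejected = safe_conditions(SAMPLE)
  puts "accepted: #{accepted.inspect}"
  puts "rejected: #{rejected.inspect}"
end
```

Logging the rejected key names gives operations a signal to alert on when a client repeatedly sends unexpected parameter shapes.
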
Red Hat would like to thank Ruby on Rails upstream for reporting this
issue. Upstream acknowledges Ben Murphy as the original reporter.
Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these
updated packages, which correct this issue.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | ruby193-rubygem-activerecord | < 3.2.8-6.el6 | ruby193-rubygem-activerecord-3.2.8-6.el6.noarch.rpm |
RedHat | 6 | src | ruby193-rubygem-activerecord | < 3.2.8-6.el6 | ruby193-rubygem-activerecord-3.2.8-6.el6.src.rpm |
RedHat | 6 | noarch | ruby193-rubygem-activerecord-doc | < 3.2.8-6.el6 | ruby193-rubygem-activerecord-doc-3.2.8-6.el6.noarch.rpm |