2 matches found
openSUSE Security Update : rubygem-activerecord-2_3 (openSUSE-SU-2013:0660-1)
Changes in rubygem-activerecord-23 : - add patch to fix security issue : - bug-8099322-3-attributesymbols.patch: fix CVE-2013-1854: rubygem-activerecord: Symbol DoS vulnerability in Active Record bnc809932 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...
Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce params:name to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use on...