Vulnerability in ruby-activerecord < 3.2.13 allows remote denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x
before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by
converting hash keys to symbols, which allows remote attackers to cause
a denial of service via crafted input to a where method.
(from redmine: issue id 1747, created on 2013-03-29, closed on 2013-04-17)
- Relations:
  - child #1748 (closed)
  - child #1749 (closed)
  - child #1750 (closed)
- Changesets:
  - Revision 4620dcb6 by Natanael Copa on 2013-04-12T14:15:49Z:
    main/ruby-activerecord: security upgrade to 3.2.13 (CVE-2013-1854)
    fixes #1747
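
A simplified model of the pattern the CVE description above names (request-supplied hash keys converted to symbols), next to an application-side guard. This is an added illustration, not Rails or Active Record code; the allowlist, function names and sample parameters are assumptions.

```ruby
# Added illustration (not Rails code): simplified model of the CVE-2013-1854 pattern.
ALLOWED_COLUMNS = %w[id name email].freeze # hypothetical allowlist

# Risky pattern: every client-chosen hash key is interned as a Symbol.
# Background: Ruby before 2.2 never garbage-collected symbols, so each new
# key permanently consumed memory.
def symbolize_untrusted(hash)
  hash.each_with_object({}) { |(key, value), out| out[key.to_sym] = value }
end

# Hardened: a condition value must be a scalar; a nested Hash or Array from
# the request is rejected instead of being interpreted as more conditions.
def scalar_condition(value)
  case value
  when String, Numeric, true, false, nil then value
  else raise ArgumentError, "non-scalar condition value: #{value.class}"
  end
end

# Hardened: keys stay Strings and are matched against the allowlist, so
# input can never add entries to the symbol table.
def safe_conditions(params)
  params.each_with_object({}) do |(key, value), out|
    name = key.to_s
    next unless ALLOWED_COLUMNS.include?(name)
    out[name] = scalar_condition(value)
  end
end

# True if +name+ is already in the symbol table (the check does not intern it).
def interned?(name)
  Symbol.all_symbols.any? { |sym| sym.to_s == name }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: parsed request parameters.
  crafted = { "zz_constructed_key_1" => "x", "name" => "alice" }
  kept = symbolize_untrusted(crafted)
  puts "risky path returned #{kept.size} symbol keys"
  puts "interned by risky path: #{interned?('zz_constructed_key_1')}"
  puts "safe path keeps: #{safe_conditions(crafted).inspect}"
  begin
    safe_conditions("name" => { "zz_constructed_key_2" => "x" })
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The guard is defence in depth for application code; the remedy recorded on this page is the upgrade to 3.2.13.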