CVE-2013-1854
Description
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
1.795
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2013-1854 is fixed in Ruby-activerecord 2.3.18 | Windows |
| CVE-2013-1854 is fixed in Ruby-activerecord 3.1.12 | Windows |
| CVE-2013-1854 is fixed in Ruby-activerecord 3.2.13 | Windows |
| CVE-2013-1854 is fixed in Ruby-activerecord for Linux 2.3.18 | Linux |
| CVE-2013-1854 is fixed in Ruby-activerecord for Linux 3.1.12 | Linux |
| CVE-2013-1854 is fixed in Ruby-activerecord for Linux 3.2.13 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234