Denial of Service Vulnerability in Ruby on Rails Action View for MIME Type Handling
CVE-2014-0082

Currently unrated

Key Information:

Vendor

Rubyonrails

Status
Ruby On Rails
Rails
Vendor
CVE Published:
20 February 2014

What is CVE-2014-0082?

A vulnerability exists in the Action View component of Ruby on Rails versions below 3.2.17, which improperly converts MIME type strings to symbols when using the :text option in the render method. This flaw allows remote attackers to exploit the system, leading to a denial of service through excessive memory consumption if specially crafted strings are sent in headers.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://groups.google.com/forum/message/raw?msg=rubyonrai...
mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2014-0215.html
vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/57836
third-party-advisoryx_refsource_SECUNIA

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.