Back to search
CVE-2014-0082
Published: Feb 20, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2014:0215
vendor-advisory
x_refsource_REDHAT
57836
third-party-advisory
x_refsource_SECUNIA
RHSA-2014:0306
vendor-advisory
x_refsource_REDHAT
https://puppet.com/security/cve/cve-2014-0082
x_refsource_CONFIRM
openSUSE-SU-2014:0295
vendor-advisory
x_refsource_SUSE
57376
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)
mailing-list
x_refsource_MLIST
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now