Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Improper Input Validation Vulnerability - CVE-2013-1854 - Vulnerability Database
Ruby on Rails

Ruby on Rails Improper Input Validation Vulnerability - CVE-2013-1854

Medium
Reference: CVE-2013-1854
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-1854
Title: Ruby on Rails Improper Input Validation Vulnerability
Overview:

The Active Record component in Ruby on Rails 2.3.x before 2.3.18 3.1.x before 3.1.12 and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols which allows remote attackers to cause a denial of service via crafted input to a where method.