CVE-2013-4389 rubygem-actionmailer: email address processing DoS
Published: October 16, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-4389 (NVD)
- GHSA: GHSA-rg5m-3fqp-6px8
- OSVDB: OSVDB-98629
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 4.3 (Medium)
UNAFFECTED VERSIONS
~> 2.3.2
PATCHED VERSIONS
>= 3.2.15
DESCRIPTION
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
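
The bug class described above, shown as an added Ruby example (not code from this advisory or from Action Mailer): a log line whose template contains the recipient, beside one where the recipient is only an argument. The helper names, the sample addresses and the duration value are constructed for illustration.

```ruby
# Illustration of the bug class only; hypothetical helpers, not Action Mailer source.

# Unsafe: the recipient is interpolated into the string that is then used as
# the format template, so any '%' in the address is parsed as a directive.
def log_line_unsafe(recipients, duration_ms)
  "Sent mail to #{recipients} (%.1fms)" % duration_ms
end

# Safe: the template is a constant; the recipient is only ever passed as data.
def log_line_safe(recipients, duration_ms)
  format("Sent mail to %s (%.1fms)", recipients, duration_ms)
end

# Runs one of the builders and reports either the line or the exception class,
# so both variants can be compared on the same input.
def try_log(builder, recipients, duration_ms)
  [:ok, send(builder, recipients, duration_ms)]
rescue ArgumentError => e
  [:error, e.class]
end

ORDINARY     = "alice@example.com"  # constructed sample
WITH_PERCENT = "100%@example.com"   # constructed sample containing '%'

if __FILE__ == $PROGRAM_NAME
  [ORDINARY, WITH_PERCENT].each do |addr|
    puts "unsafe #{addr.inspect}: #{try_log(:log_line_unsafe, addr, 12.5).inspect}"
    puts "safe   #{addr.inspect}: #{try_log(:log_line_safe, addr, 12.5).inspect}"
  end
end
```

In the unsafe variant the exception is raised while the log message is being built, which is the failure the description refers to; the safe variant logs the address verbatim.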
