ADVISORIES
- CVE-2013-4389 (NVD)
- GHSA-rg5m-3fqp-6px8
- OSVDB-98629
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 4.3 (Medium)
UNAFFECTED VERSIONS
- ~> 2.3.2
PATCHED VERSIONS
- >= 3.2.15
DESCRIPTION
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
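The bug class described above, as an added Ruby example that is not the Rails source: a log line whose template is built by interpolating the recipient address, next to a form with a constant template. The method names, the message text and the sample address are assumptions made for illustration.

```ruby
# Constructed sample input: a recipient address that contains a format directive.
SAMPLE_ADDRESS = "a%sb@example.com"

# Weak pattern (hypothetical helper): the address is interpolated into the
# string that is then used as the format template, so any "%" sequence inside
# the address is parsed as a directive and consumes format arguments.
def log_line_weak(recipient, duration_ms)
  "Sent mail to #{recipient} (%1.fms)" % duration_ms
end

# Hardened pattern (hypothetical helper): the template is a constant and every
# untrusted value is passed as an argument, never as part of the template.
def log_line_safe(recipient, duration_ms)
  format("Sent mail to %s (%.1fms)", recipient, duration_ms)
end

# Runs the block and reports an ArgumentError as a string instead of raising,
# so both behaviours can be compared side by side.
def outcome
  yield
rescue ArgumentError => e
  "ArgumentError: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  puts outcome { log_line_weak("bob@example.com", 12.3) }
  puts outcome { log_line_weak(SAMPLE_ADDRESS, 12.3) }
  puts outcome { log_line_safe(SAMPLE_ADDRESS, 12.3) }
end
```

In the weak form the exception is raised while the log message is being built, after the mail has already been handed off, which is why a logging path becomes a denial-of-service vector.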