RubySec

Providing security resources for the Ruby community

CVE-2013-6414 (actionpack): Denial of Service Vulnerability in Action View

ADVISORIES

GEM

actionpack

FRAMEWORK

rails

SEVERITY

CVSS v2: 5.0

UNAFFECTED VERSIONS

  • ~> 2.3.0

PATCHED VERSIONS

  • ~> 3.2.16
  • >= 4.0.2

DESCRIPTION

There is a denial of service vulnerability in the header handling component of Action View.