RubySec

Providing security resources for the Ruby community

CVE-2014-0082 (actionpack): Denial of Service Vulnerability in Action View when using render :text

GEM

actionpack

FRAMEWORK

rails

SEVERITY

CVSS v2: 5.0

UNAFFECTED VERSIONS

  • >= 4.0.0

PATCHED VERSIONS

  • >= 3.2.17

DESCRIPTION

Ruby on Rails contains a flaw in actionpack/lib/action_view/template/text.rb in the text rendering component of Action View that is triggered when handling MIME types that are converted to symbols. This may allow a remote attacker to cause a denial of service.
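A way to check a project's lockfile against the version ranges listed above, as an added example that is not part of the original advisory or of the Rails or RubySec code. The function names and the sample Gemfile.lock are constructed for illustration, and the standard Bundler lockfile layout (resolved gems indented four spaces under `specs:`) is assumed.

```ruby
require "rubygems"

# Version ranges copied from the advisory above.
PATCHED    = Gem::Requirement.new(">= 3.2.17")
UNAFFECTED = Gem::Requirement.new(">= 4.0.0")

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.16)
        activemodel (= 3.2.16)
      rails (3.2.16)
        actionpack (= 3.2.16)
LOCK

# Return the resolved actionpack version, or nil if the gem is not locked.
# Resolved gems sit at exactly four spaces of indentation; dependency
# constraints such as "actionpack (= 3.2.16)" sit at six and are skipped.
def locked_actionpack_version(lockfile_text)
  m = lockfile_text.match(/^ {4}actionpack \(([^()\s]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# Classify a lockfile against the advisory's ranges.
def cve_2014_0082_status(lockfile_text)
  version = locked_actionpack_version(lockfile_text)
  return :not_present if version.nil?
  return :unaffected  if UNAFFECTED.satisfied_by?(version)
  return :patched     if PATCHED.satisfied_by?(version)
  :vulnerable
end

puts "actionpack #{locked_actionpack_version(SAMPLE_LOCK)}: " \
     "#{cve_2014_0082_status(SAMPLE_LOCK)}"
```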