Improper input validation in Rubyonrails Rails
CVE-2014-0082
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of ser…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.065 (91.2th percentile) — read the EPSS interpretation.
Affected products
- Rubyonrails Rails — versions 3.0.0, 3.0.1, 3.0.2
- Rubyonrails Ruby_on_rails — versions 3.0.4, 3.2.14, 3.2.15
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- [rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082) (mailing-list, x_refsource_MLIST)
- RHSA-2014:0215 (x_refsource_REDHAT, vendor-advisory)
- 57836 (x_refsource_SECUNIA, third-party-advisory)
- RHSA-2014:0306 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- openSUSE-SU-2014:0295 (vendor-advisory, x_refsource_SUSE)
- 57376 (x_refsource_SECUNIA, third-party-advisory)
- [oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082) (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2014-0082?
- CVE-2014-0082 is a vulnerability in Rubyonrails Rails, classified under Improper Input Validation. Published 2014-02-20.
- Is CVE-2014-0082 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.