The Active Record component in Ruby on Rails 2.3.x prior to 2.3.18, 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote malicious users to cause a denial of service via crafted input to a where method.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
rubyonrails ruby on rails 2.3.17 |
||
rubyonrails ruby on rails 3.1.11 |
||
rubyonrails rails 2.3.0 |
||
rubyonrails rails 2.3.1 |
||
rubyonrails rails 2.3.2 |
||
rubyonrails rails 2.3.3 |
||
rubyonrails rails 2.3.4 |
||
rubyonrails rails 2.3.9 |
||
rubyonrails rails 2.3.10 |
||
rubyonrails rails 2.3.11 |
||
rubyonrails rails 2.3.12 |
||
rubyonrails rails 2.3.13 |
||
rubyonrails rails 2.3.14 |
||
rubyonrails rails 2.3.15 |
||
rubyonrails rails 2.3.16 |
||
rubyonrails rails 3.1.0 |
||
rubyonrails rails 3.1.1 |
||
rubyonrails rails 3.1.2 |
||
rubyonrails rails 3.1.4 |
||
rubyonrails rails 3.1.5 |
||
rubyonrails rails 3.2.0 |
||
rubyonrails rails 3.2.7 |
||
rubyonrails rails 3.2.8 |
||
rubyonrails rails 3.2.9 |
||
rubyonrails rails 3.1.3 |
||
rubyonrails rails 3.1.6 |
||
rubyonrails rails 3.1.7 |
||
rubyonrails rails 3.1.8 |
||
rubyonrails rails 3.1.9 |
||
rubyonrails rails 3.1.10 |
||
rubyonrails rails 3.2.1 |
||
rubyonrails rails 3.2.5 |
||
rubyonrails rails 3.2.6 |
||
rubyonrails rails 3.2.10 |
||
rubyonrails rails 3.2.11 |
||
rubyonrails rails 3.2.12 |
||
rubyonrails rails 3.2.2 |
||
rubyonrails rails 3.2.3 |
||
rubyonrails rails 3.2.4 |
||
redhat enterprise linux 6.0 |
Vulmon