CVE-2013-1854 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-1854 Interim 1 15 2023-02-15T02:11:21Z current 2021-05-30T13:10:48Z 2023-02-15T02:11:21Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-1854 The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2013-April/000430.html E-Mail link for SUSE-SU-2013:0707-1 https://lists.suse.com/pipermail/sle-security-updates/2013-May/000447.html E-Mail link for SUSE-SU-2013:0707-2 https://lists.suse.com/pipermail/sle-security-updates/2013-June/000483.html E-Mail link for SUSE-SU-2013:1036-1 https://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html E-Mail link for openSUSE-SU-2013:0659-1 https://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html E-Mail link for openSUSE-SU-2013:0660-1 https://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html E-Mail link for openSUSE-SU-2013:0664-1 https://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html E-Mail link for openSUSE-SU-2013:0667-1 https://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html E-Mail link for openSUSE-SU-2013:0668-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Lifecycle Management Server 1.3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Studio Onsite 1.3 SUSE Studio Onsite Runner 1.2 SUSE WebYast 1.3 rubygem-actionmailer-3_2-3.2.12-0.5.9 rubygem-actionpack-2_3-2.3.17-0.11.1 rubygem-actionpack-2_3-2.3.17-0.8.8.1 rubygem-actionpack-3_2-3.2.12-0.7.1 rubygem-activemodel-3_2-3.2.12-0.5.8 rubygem-activerecord-2_3-2.3.17-0.11.1 rubygem-activerecord-2_3-2.3.17-0.8.8.1 rubygem-activerecord-3_2-3.2.12-0.11.1 rubygem-activerecord-3_2-3.2.12-0.7.1 rubygem-activeresource-3_2-3.2.12-0.5.8 rubygem-activesupport-2_3-2.3.17-0.11.1 rubygem-activesupport-2_3-2.3.17-0.8.8.1 rubygem-activesupport-3_2-3.2.12-0.5.8 rubygem-rack-1_4-1.4.5-0.5.8 rubygem-rails-3_2-3.2.12-0.5.10 rubygem-railties-3_2-3.2.12-0.7.9 susestudio-1.3.1.0-0.5.2 susestudio-bundled-packages-1.3.1.0-0.5.2 susestudio-common-1.3.1.0-0.5.2 susestudio-runner-1.3.1.0-0.5.2 susestudio-sid-1.3.1.0-0.5.2 susestudio-ui-server-1.3.1.0-0.5.2 rubygem-actionmailer-3_2-3.2.12-0.5.9 as a component of SUSE Lifecycle Management Server 1.3 rubygem-actionpack-3_2-3.2.12-0.7.1 as a component of SUSE Lifecycle Management Server 1.3 rubygem-activemodel-3_2-3.2.12-0.5.8 as a component of SUSE Lifecycle Management Server 1.3 rubygem-activerecord-3_2-3.2.12-0.7.1 as a component of SUSE Lifecycle Management Server 1.3 rubygem-activeresource-3_2-3.2.12-0.5.8 as a component of SUSE Lifecycle Management Server 1.3 rubygem-activesupport-3_2-3.2.12-0.5.8 as a component of SUSE Lifecycle Management Server 1.3 rubygem-rack-1_4-1.4.5-0.5.8 as a component of SUSE Lifecycle Management Server 1.3 rubygem-rails-3_2-3.2.12-0.5.10 as a component of SUSE Lifecycle Management Server 1.3 rubygem-railties-3_2-3.2.12-0.7.9 as a component of SUSE Lifecycle Management Server 1.3 rubygem-actionpack-2_3-2.3.17-0.11.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rubygem-activerecord-2_3-2.3.17-0.11.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rubygem-activesupport-2_3-2.3.17-0.11.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rubygem-activesupport-3_2-3.2.12-0.5.8 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rubygem-rack-1_4-1.4.5-0.5.8 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rubygem-activerecord-3_2-3.2.12-0.11.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 rubygem-actionmailer-3_2-3.2.12-0.5.9 as a component of SUSE Studio Onsite 1.3 rubygem-actionpack-3_2-3.2.12-0.7.1 as a component of SUSE Studio Onsite 1.3 rubygem-activemodel-3_2-3.2.12-0.5.8 as a component of SUSE Studio Onsite 1.3 rubygem-activerecord-3_2-3.2.12-0.7.1 as a component of SUSE Studio Onsite 1.3 rubygem-activeresource-3_2-3.2.12-0.5.8 as a component of SUSE Studio Onsite 1.3 rubygem-activesupport-3_2-3.2.12-0.5.8 as a component of SUSE Studio Onsite 1.3 rubygem-rack-1_4-1.4.5-0.5.8 as a component of SUSE Studio Onsite 1.3 rubygem-rails-3_2-3.2.12-0.5.10 as a component of SUSE Studio Onsite 1.3 rubygem-railties-3_2-3.2.12-0.7.9 as a component of SUSE Studio Onsite 1.3 susestudio-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-bundled-packages-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-common-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-runner-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-sid-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-ui-server-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 rubygem-actionpack-2_3-2.3.17-0.8.8.1 as a component of SUSE Studio Onsite Runner 1.2 rubygem-activerecord-2_3-2.3.17-0.8.8.1 as a component of SUSE Studio Onsite Runner 1.2 rubygem-activesupport-2_3-2.3.17-0.8.8.1 as a component of SUSE Studio Onsite Runner 1.2 rubygem-actionmailer-3_2-3.2.12-0.5.9 as a component of SUSE WebYast 1.3 rubygem-actionpack-3_2-3.2.12-0.7.1 as a component of SUSE WebYast 1.3 rubygem-activemodel-3_2-3.2.12-0.5.8 as a component of SUSE WebYast 1.3 rubygem-activerecord-3_2-3.2.12-0.7.1 as a component of SUSE WebYast 1.3 rubygem-activeresource-3_2-3.2.12-0.5.8 as a component of SUSE WebYast 1.3 rubygem-activesupport-3_2-3.2.12-0.5.8 as a component of SUSE WebYast 1.3 rubygem-rack-1_4-1.4.5-0.5.8 as a component of SUSE WebYast 1.3 rubygem-rails-3_2-3.2.12-0.5.10 as a component of SUSE WebYast 1.3 rubygem-railties-3_2-3.2.12-0.7.9 as a component of SUSE WebYast 1.3 The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. CVE-2013-1854 SUSE Lifecycle Management Server 1.3:rubygem-actionmailer-3_2-3.2.12-0.5.9 SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.7.1 SUSE Lifecycle Management Server 1.3:rubygem-activemodel-3_2-3.2.12-0.5.8 SUSE Lifecycle Management Server 1.3:rubygem-activerecord-3_2-3.2.12-0.7.1 SUSE Lifecycle Management Server 1.3:rubygem-activeresource-3_2-3.2.12-0.5.8 SUSE Lifecycle Management Server 1.3:rubygem-activesupport-3_2-3.2.12-0.5.8 SUSE Lifecycle Management Server 1.3:rubygem-rack-1_4-1.4.5-0.5.8 SUSE Lifecycle Management Server 1.3:rubygem-rails-3_2-3.2.12-0.5.10 SUSE Lifecycle Management Server 1.3:rubygem-railties-3_2-3.2.12-0.7.9 SUSE Linux Enterprise Software Development Kit 11 SP2:rubygem-actionpack-2_3-2.3.17-0.11.1 SUSE Linux Enterprise Software Development Kit 11 SP2:rubygem-activerecord-2_3-2.3.17-0.11.1 SUSE Linux Enterprise Software Development Kit 11 SP2:rubygem-activesupport-2_3-2.3.17-0.11.1 SUSE Linux Enterprise Software Development Kit 11 SP2:rubygem-activesupport-3_2-3.2.12-0.5.8 SUSE Linux Enterprise Software Development Kit 11 SP2:rubygem-rack-1_4-1.4.5-0.5.8 SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-activerecord-3_2-3.2.12-0.11.1 SUSE Studio Onsite 1.3:rubygem-actionmailer-3_2-3.2.12-0.5.9 SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.7.1 SUSE Studio Onsite 1.3:rubygem-activemodel-3_2-3.2.12-0.5.8 SUSE Studio Onsite 1.3:rubygem-activerecord-3_2-3.2.12-0.7.1 SUSE Studio Onsite 1.3:rubygem-activeresource-3_2-3.2.12-0.5.8 SUSE Studio Onsite 1.3:rubygem-activesupport-3_2-3.2.12-0.5.8 SUSE Studio Onsite 1.3:rubygem-rack-1_4-1.4.5-0.5.8 SUSE Studio Onsite 1.3:rubygem-rails-3_2-3.2.12-0.5.10 SUSE Studio Onsite 1.3:rubygem-railties-3_2-3.2.12-0.7.9 SUSE Studio Onsite 1.3:susestudio-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-common-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-runner-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-sid-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.1.0-0.5.2 SUSE Studio Onsite Runner 1.2:rubygem-actionpack-2_3-2.3.17-0.8.8.1 SUSE Studio Onsite Runner 1.2:rubygem-activerecord-2_3-2.3.17-0.8.8.1 SUSE Studio Onsite Runner 1.2:rubygem-activesupport-2_3-2.3.17-0.8.8.1 SUSE WebYast 1.3:rubygem-actionmailer-3_2-3.2.12-0.5.9 SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.7.1 SUSE WebYast 1.3:rubygem-activemodel-3_2-3.2.12-0.5.8 SUSE WebYast 1.3:rubygem-activerecord-3_2-3.2.12-0.7.1 SUSE WebYast 1.3:rubygem-activeresource-3_2-3.2.12-0.5.8 SUSE WebYast 1.3:rubygem-activesupport-3_2-3.2.12-0.5.8 SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.5.8 SUSE WebYast 1.3:rubygem-rails-3_2-3.2.12-0.5.10 SUSE WebYast 1.3:rubygem-railties-3_2-3.2.12-0.7.9 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P