CVE-2014-0082

Published: 20 February 2014

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

Priority

Medium

Status

Package Release Status
rails
Launchpad, Ubuntu, Debian
Upstream
Released (3.2.17)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(contains no code)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(contains no code)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [contains no code])
rails-4.0
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
ruby-actionpack-2.3
Launchpad, Ubuntu, Debian
Upstream Ignored
(reached end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

ruby-actionpack-3.2
Launchpad, Ubuntu, Debian
Upstream
Released (3.2.17)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ