CVE-2014-0082 medium severity vulnerability detected by WhiteSource

[mend-bolt-for-github]

CVE-2014-0082 - Medium Vulnerability

⚠️ Vulnerable Library - actionpack-3.0.1.gem

path: /tmp/git/sample_app/Gemfile.lock

Dependency Hierarchy:

• factory_girl_rails-1.0.gem (Root Library)
  • rails-3.0.1.gem
    • actionmailer-3.0.1.gem
      • ❌ actionpack-3.0.1.gem (Vulnerable Library)

🔴 Vulnerability Details

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

Publish Date: 2014-02-20

URL: CVE-2014-0082

🎯 CVSS 2 Score Details (5.0)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: N/A
  • Attack Complexity: N/A
  • Privileges Required: N/A
  • User Interaction: N/A
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

---

Want to learn more about the open source vulnerabilities in your products? Click here