CVE-2013-6414
actionpack Improper Input Validation vulnerability
EPSS 70.8%
Description
`actionpack/lib/action_view/lookup_context.rb` in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.
How to fix CVE-2013-6414
To remediate CVE-2013-6414, upgrade the affected package to one of the fixed versions listed below.
- RubyGems/actionpack: upgrade to 3.2.16 or later
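To confirm which actionpack version a project actually resolves to, the following added example (not part of the original advisory or the Rails project) checks a `Gemfile.lock` against the affected ranges given in the description. The function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Affected ranges as given in the description above.
AFFECTED_RANGES = [
  Gem::Requirement.new(">= 3.0.0", "< 3.2.16"),
  Gem::Requirement.new(">= 4.0.0", "< 4.0.2")
].freeze

# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    actionpack (3.2.15)
      activemodel (= 3.2.15)
    rails (3.2.15)
      actionpack (= 3.2.15)

DEPENDENCIES
  rails (= 3.2.15)
LOCK

# Resolved gems sit at exactly four spaces of indentation under "specs:";
# six-space lines are dependency constraints and are skipped.
def locked_actionpack_versions(lock_text)
  lock_text.scan(/^ {4}actionpack \(([^)\s]+)\)[ \t]*$/).flatten
           .map { |v| Gem::Version.new(v) }
end

# True when the version falls inside either affected range.
def affected?(version)
  AFFECTED_RANGES.any? { |req| req.satisfied_by?(version) }
end

# Returns [version_string, affected_boolean] for each resolved actionpack.
def audit(lock_text)
  locked_actionpack_versions(lock_text).map { |v| [v.to_s, affected?(v)] }
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  audit(text).each do |version, hit|
    puts "actionpack #{version}: #{hit ? 'AFFECTED by CVE-2013-6414' : 'not in affected range'}"
  end
end
```

Pass the path to a `Gemfile.lock` as the first argument to audit a real project; with no argument the script runs against the constructed sample.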
Is CVE-2013-6414 being exploited?
Likely — EPSS is 70.8%, placing CVE-2013-6414 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- RubyGems/actionpack: >= 3.0.0, < 3.2.16