GHSA-rg5m-3fqp-6px8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rg5m-3fqp-6px8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-rg5m-3fqp-6px8/GHSA-rg5m-3fqp-6px8.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-rg5m-3fqp-6px8
- Aliases
-
- CVE-2013-4389
- Published
- 2017-10-24T18:33:37Z
- Modified
- 2024-12-06T05:28:12.265673Z
- Summary
- actionmailer email address processing causes Denial of service
- Details
-
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
- Database specific
{ "cwe_ids": [ "CWE-134" ], "nvd_published_at": "2013-10-17T00:55:03Z", "github_reviewed_at": "2020-06-16T21:54:42Z", "github_reviewed": true, "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-4389
- https://github.com/advisories/GHSA-rg5m-3fqp-6px8
- https://github.com/rails/rails/tree/main/actionmailer
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml
- https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
- http://www.debian.org/security/2014/dsa-2887
- http://www.debian.org/security/2014/dsa-2888
Affected packages
RubyGems / actionmailer
Package
- Name
- actionmailer
- Purl
- pkg:gem/actionmailer
Affected versions
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4.rc1
3.0.4
3.0.5.rc1
3.0.5
3.0.6.rc1
3.0.6.rc2
3.0.6
3.0.7.rc1
3.0.7.rc2
3.0.7
3.0.8.rc1
3.0.8.rc2
3.0.8.rc4
3.0.8
3.0.9.rc1
3.0.9.rc3
3.0.9.rc4
3.0.9.rc5
3.0.9
3.0.10.rc1
3.0.10
3.0.11
3.0.12.rc1
3.0.12
3.0.13.rc1
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.1.0.beta1
3.1.0.rc1
3.1.0.rc2
3.1.0.rc3
3.1.0.rc4
3.1.0.rc5
3.1.0.rc6
3.1.0.rc8
3.1.0
3.1.1.rc1
3.1.1.rc2
3.1.1.rc3
3.1.1
3.1.2.rc1
3.1.2.rc2
3.1.2
3.1.3
3.1.4.rc1
3.1.4
3.1.5.rc1
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.2.0.rc1
3.2.0.rc2
3.2.0
3.2.1
3.2.2.rc1
3.2.2
3.2.3.rc1
3.2.3.rc2
3.2.3
3.2.4.rc1
3.2.4
3.2.5
3.2.6
3.2.7.rc1
3.2.7
3.2.8.rc1
3.2.8.rc2
3.2.8
3.2.9.rc1
3.2.9.rc2
3.2.9.rc3
3.2.9
3.2.10
3.2.11
3.2.12
3.2.13.rc1
3.2.13.rc2
3.2.13
3.2.14.rc1
3.2.14.rc2
3.2.14
3.2.15.rc1
3.2.15.rc2
3.2.15.rc3