| Description | actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching. |
| Source | CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more) |
| NVD severity | medium (attack range: remote) |
| Debian Bugs | 731288, 731290 |
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
- rails <not-affected> (vulnerable code not present)
Starting with 22.214.171.124 rails is a transition package