CVE-2014-0082

Name of the Vulnerable Software and Affected Versions Action View in Ruby on Rails versions 3.x through 3.2.16

Description The issue allows remote attackers to cause a denial of service, specifically memory consumption, by including certain MIME type strings in headers. This occurs when the :text option is used with the render method. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Technical details include the conversion of MIME type strings to symbols during the use of the render method, which can be exploited by including these strings in headers, affecting the actionpack/lib/action view/template/text.rb component.

Recommendations For Action View in Ruby on Rails versions 3.x through 3.2.16, update to version 3.2.17 or later to resolve the issue. As a temporary workaround, consider restricting the use of the :text option with the render method to minimize the risk of exploitation. Avoid using the render method with untrusted input to prevent memory consumption attacks.