Overview

CVE-2103-6414 (Action View vulnerability in Ruby on Rails)

  • Posted December 26, 2013

  • Assessed Risk Level: Medium

Ruby on Rails is vulnerable to headers containing an invalid MIME type that allows attackers to issue denial of service through memory consumption, which leads to excessive caching.

Status

  • Affected Versions: Puppet Enterprise 3.x
  • Resolved in Puppet Enterprise 3.1.1