CVE-2014-0082 (ActionView vulnerability in Ruby on Rails)

  • Posted March 4, 2014

  • Assessed Risk Level: Medium

The text rendering component of ActionView is vulnerable to denial of service attacks. Strings in specially crafted headers are converted to symbols, but since the symbols are not removed by ruby's garbage collector, they can outgrow the heap and bring down the rails process. For more details please see:!topic/ruby-security-ann/ZaQ0-g1gUpc


  • Affected Versions: Puppet Enterprise 3.x
  • Resolved in Puppet Enterprise 3.2.0
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.