Denial of Service Vulnerability in Action Mailer Log Subscriber in Ruby on Rails 3.x before 3.2.15

Denial of Service Vulnerability in Action Mailer Log Subscriber in Ruby on Rails 3.x before 3.2.15

CVE-2013-4389 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.

Learn more about our Web Application Penetration Testing UK.