author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-11 22:56:50 -0200 |
---|---|---|
committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-18 15:02:54 -0300 |
commit | 388d2f88886e4da8cc9fd9e14c80a4021ef47da1 | |
tree | e4476da834119761ca19928402217485bd7ce5f3 /activesupport | |
parent | eaa2101b294ef546cc3fb35cc3f49c73849ac470 | |
Use the reference for the mime type to get the format
Before, we were calling to_sym in the mime type even when it is unknown,
which can cause denial of service since symbols are not removed by the
garbage collector.
Fixes: CVE-2014-0082
Diffstat (limited to 'activesupport')
0 files changed, 0 insertions, 0 deletions
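The failure mode named in the commit message, as an added Ruby example that is not code from this commit or from Rails: converting a request-supplied MIME type with `to_sym` interns one symbol per distinct input, while a lookup against registered types does not. `KNOWN_FORMATS`, the method names and the sample MIME strings are hypothetical and constructed for illustration.

```ruby
# Added illustration; all names here are hypothetical, not Rails internals.
# Registered types: these symbols exist as literals when the file is loaded.
KNOWN_FORMATS = {
  "text/html"        => :html,
  "application/json" => :json,
  "application/xml"  => :xml
}.freeze

# True if a symbol with this name exists right now, checked without creating it.
def symbol_interned?(name)
  Symbol.all_symbols.any? { |sym| sym.to_s == name }
end

# Drop parameters such as "; charset=utf-8" and normalise case.
def normalize(mime)
  mime.to_s.split(";", 2).first.to_s.strip.downcase
end

# Problem pattern: every distinct client-supplied string becomes a symbol.
# Ruby versions before 2.2 never collected symbols, so each one stayed in
# memory for the life of the process.
def format_via_to_sym(mime)
  normalize(mime).to_sym
end

# Reference lookup: only registered types map to a symbol; unknown input
# returns nil and nothing new is interned.
def format_via_reference(mime)
  KNOWN_FORMATS[normalize(mime)]
end

# Runs the block on each input and returns the normalised names that were
# not symbols before the call but are afterwards.
def newly_interned(inputs)
  inputs.each_with_object([]) do |mime, created|
    name = normalize(mime)
    existed = symbol_interned?(name)
    result = yield(mime) # hold the result so a new symbol stays live for the check
    created << name if !existed && symbol_interned?(name)
    result
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample of client-supplied types, two of them unregistered.
  sample = ["text/html; charset=utf-8", "application/x-constructed-a1", "application/x-constructed-b2"]
  puts "reference lookup interned: #{newly_interned(sample) { |m| format_via_reference(m) }.inspect}"
  puts "to_sym interned:           #{newly_interned(sample) { |m| format_via_to_sym(m) }.inspect}"
end
```
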