aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport
diff options
context:
space:
mode:
authorRafael Mendonça França <rafaelmfranca@gmail.com>2014-02-11 22:56:50 -0200
committerRafael Mendonça França <rafaelmfranca@gmail.com>2014-02-18 15:02:54 -0300
commit388d2f88886e4da8cc9fd9e14c80a4021ef47da1 (patch)
treee4476da834119761ca19928402217485bd7ce5f3 /activesupport
parenteaa2101b294ef546cc3fb35cc3f49c73849ac470 (diff)
downloadrails-388d2f88886e4da8cc9fd9e14c80a4021ef47da1.tar.gz
rails-388d2f88886e4da8cc9fd9e14c80a4021ef47da1.tar.bz2
rails-388d2f88886e4da8cc9fd9e14c80a4021ef47da1.zip
Use the reference for the mime type to get the format
Before we were calling to_sym in the mime type, even when it is unknown what can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
Diffstat (limited to 'activesupport')
0 files changed, 0 insertions, 0 deletions