Project's rails version is vulnerable to DoS on using render :text RB-A1011

Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the render: :text option, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. Upgrading to newer versions of Rails can help fix this issue.

References

1. CVE-2014-0082 - Rails Security Group
2. CVE-2014-0082 - GitHub Advisory Database
3. OWASP Top 10 - A5 - Broken Access Control
4. OWASP Top 10 - A9 - Using Components With Known Vulnerabilities
5. SANS 25 - CWE-400 - Uncontrolled Resource Consumption