Ruby · Ruby · CVE-2009-1904
Name of the Vulnerable Software and Affected Versions:
Ruby versions 1.8.6 before p369
Ruby versions 1.8.7 before p173
Description:
The BigDecimal library in Ruby allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a very large number, which the library does not handle correctly when converting it to the Float data type.
Recommendations:
For Ruby version 1.8.6, update to p369 or later to resolve the issue.
For Ruby version 1.8.7, update to p173 or later to resolve the issue.
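The following is an added example, not code from the advisory or from the Ruby project. It covers both the recommendation (a check that the running interpreter's version and patch level are at or past the fixed levels the advisory names) and the description (a guard that inspects a decimal string's magnitude before it is ever handed to a Float conversion, and rejects results that are not finite). The patch levels come from the advisory; the helper names, the decimal syntax accepted by the guard, and the use of Kernel#Float as a stand-in for BigDecimal#to_f (so the example runs without the bigdecimal gem) are assumptions of this example.

```ruby
# Added example (not part of the advisory): version gate for CVE-2009-1904 plus an
# input guard that keeps oversized decimal strings away from Float conversion.

# Fixed patch levels stated in the advisory, keyed by Ruby version.
FIXED_PATCHLEVEL = { "1.8.6" => 369, "1.8.7" => 173 }.freeze

# True when version/patchlevel falls inside the advisory's affected range.
# Versions the advisory does not list return false (out of scope here).
def affected_by_cve_2009_1904?(version = RUBY_VERSION, patchlevel = RUBY_PATCHLEVEL)
  fixed = FIXED_PATCHLEVEL[version]
  return false if fixed.nil?
  patchlevel < fixed
end

# Decimal syntax accepted by the guard (assumed here): sign, integer digits,
# optional fraction, optional exponent. BigDecimal accepts more; extend if needed.
DECIMAL_RE = /\A[+-]?(\d+)(?:\.(\d+))?(?:[eE]([+-]?\d+))?\z/

# Decimal exponent of the number's magnitude (position of its most significant
# digit), computed from the string alone so nothing is converted yet.
# Returns nil when the value is zero; raises ArgumentError on malformed input.
def decimal_exponent(str)
  m = DECIMAL_RE.match(str)
  raise ArgumentError, "not a decimal number: #{str.inspect}" unless m
  int_part, frac_part, exp_part = m[1], m[2] || "", m[3]
  exp = exp_part ? Integer(exp_part, 10) : 0   # Integer handles huge exponents
  significant = int_part.sub(/\A0+/, "")
  return significant.length - 1 + exp unless significant.empty?
  first = frac_part.index(/[1-9]/)
  return nil if first.nil?                     # every digit is zero
  -(first + 1) + exp
end

# Converts a decimal string to Float. Inputs whose magnitude cannot be a finite
# Float are refused before the converter sees them; a non-finite result is
# refused afterwards. `converter` is the call being protected: in a BigDecimal
# application pass ->(s) { BigDecimal(s).to_f }; Kernel#Float is the default
# stand-in here so the example runs without the bigdecimal gem.
def guarded_to_f(str, converter = ->(s) { Float(s) })
  e = decimal_exponent(str)
  if e && e > Float::MAX_10_EXP
    raise RangeError, "magnitude 10**#{e} exceeds Float range"
  end
  value = converter.call(str)
  raise RangeError, "conversion of #{str.inspect} is not finite" unless value.finite?
  value
end

if __FILE__ == $PROGRAM_NAME
  puts "interpreter affected: #{affected_by_cve_2009_1904?}"
  %w[123.45 1.5e308 1e400].each do |s|
    begin
      puts "#{s} -> #{guarded_to_f(s)}"
    rescue RangeError => err
      puts "#{s} -> rejected (#{err.message})"
    end
  end
end
```

The pre-check is deliberately structural: it looks only at digit counts and the exponent, so an input such as `1e999999999` is rejected without any numeric conversion taking place, which is the class of input the advisory describes. The post-check catches values that pass the coarse bound but still overflow, such as `9e308`, which Kernel#Float turns into Infinity rather than raising.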