PT-2017-5976 · Ruby · Ruby

Postmodern

·

Publicado

2017-09-06

·

Atualizado

2017-09-11

·

CVE-2014-6438

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 1.9.2-p330
Description: The issue allows remote attackers to cause a denial of service via a crafted string, potentially leading to catastrophic regular expression backtracking, resource consumption, or application crash. This is due to a problem in the URI.decode www form component method.
Recommendations: For versions prior to 1.9.2-p330, update to version 1.9.2-p330 or later to resolve the issue.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2014-6438
DLA-275-1
RHSA-2026:7305
RHSA-2026:7307
RHSA-2026:8838

Produtos afetados

Ruby