Jamis Buck

**Name of the Vulnerable Software and Affected Versions** Ruby 1.8 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and CPU consumption. This is achieved through an HTTP request with a multipart MIME body containing an invalid boundary specifier. For example, using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. **Recommendations** For Ruby 1.8, as a temporary workaround, consider restricting the handling of multipart MIME bodies until a patch is available. Avoid processing HTTP requests with invalid boundary specifiers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.