Postmodern

#20488 of 53,622
12.5 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2017-5976
5.0
2017-09-06
Ruby · Ruby · CVE-2014-6438
**Name of the Vulnerable Software and Affected Versions**
Ruby versions prior to 1.9.2-p330

**Description**
The issue allows remote attackers to cause a denial of service via a crafted string, potentially leading to catastrophic regular expression backtracking, resource consumption, or application crash. This is due to a problem in the `URI.decode_www_form_component` method.

**Recommendations**
For versions prior to 1.9.2-p330, update to version 1.9.2-p330 or later to resolve the issue.

PT-2012-4737
7.5
2012-08-12
Ushahidi · Ushahidi Platform · CVE-2012-3468
**Name of the Vulnerable Software and Affected Versions**
Ushahidi Platform versions prior to 2.5

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through vectors related to (1) the `verify` function in `application/controllers/alerts.php`, (2) the `save_all` function in `application/models/settings.php`, or (3) the media type to the `timeline` function in `application/controllers/json.php`.

**Recommendations**
For versions prior to 2.5, update to version 2.5 or later to resolve the issue.