PT-2020-21438 · Uap · Uap-Ruby

Published 2020-03-10 · Updated 2020-03-10

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

uap-ruby versions prior to 2.6.0

Description

The issue concerns regular expression denial of service (ReDoS) due to overlapping capture groups in some regexes. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings.

Recommendations

For versions prior to 2.6.0, update uap-ruby to version 2.6.0 or later.
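To act on the recommendation, the following added example (not part of the advisory or of uap-ruby) reads a `Gemfile.lock` and reports whether the locked release is older than 2.6.0. It assumes uap-ruby is installed under the gem name `user_agent_parser`; the sample lockfile and the helper names are constructed for illustration.

```ruby
require "rubygems"

# Assumption: uap-ruby is published on RubyGems as "user_agent_parser".
GEM_NAME = "user_agent_parser"
# First fixed release according to this advisory.
FIXED_VERSION = Gem::Version.new("2.6.0")

# Constructed sample lockfile, used when no path is given on the command line.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.3)
      user_agent_parser (2.5.1)

  DEPENDENCIES
    user_agent_parser
LOCK

# Return every resolved version of GEM_NAME found in Gemfile.lock text.
# Resolved specs are indented exactly four spaces under "specs:"; lines
# indented deeper are dependency constraints (e.g. "(>= 2.0)") and are skipped.
def locked_versions(lockfile_text)
  pattern = /\A {4}#{Regexp.escape(GEM_NAME)} \(([^)\s]+)\)\s*\z/
  lockfile_text.each_line.map do |line|
    m = line.match(pattern)
    Gem::Version.new(m[1]) if m && Gem::Version.correct?(m[1])
  end.compact
end

# Classify the lockfile as :not_present, :vulnerable (< 2.6.0) or :fixed.
def audit(lockfile_text)
  versions = locked_versions(lockfile_text)
  return :not_present if versions.empty?
  versions.any? { |v| v < FIXED_VERSION } ? :vulnerable : :fixed
end

# Usage: ruby check_uap.rb path/to/Gemfile.lock
path = ARGV[0]
text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
puts "#{GEM_NAME}: #{audit(text)}"
```

A pre-release such as `2.6.0.rc1` sorts below `2.6.0` in `Gem::Version` ordering, so it is reported as vulnerable.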

Related Identifiers

GHSA-PCQQ-5962-HVCW

Affected Products

Uap-Ruby