Sha256: 1424dd2404d01d340a703f20e91821c4291d023d9143bbb0623ad2f56d94c21e

Contents?: true

Size: 595 Bytes

Versions: 6

Compression:

Stored size: 595 Bytes

Contents

---
gem: moped
cve: 2015-4410
url: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
title: Data Injection Vulnerability in moped Rubygem
date: 2015-06-04

description: >-
  A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.

vendor_patch:
  - https://github.com/mongoid/moped/compare/e5fc928bcb5b7b89d171e31e31483be4185971b9...32cba17ad7d3da326778b4d8cd4b52e75bca9d40
  - https://github.com/mongoid/moped/commit/276fbfd23c5ffb65e6bd18d564c8b6878c2498ac

patched_versions:
  - "~> 1.5.3"
  - ">= 2.0.5"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml