Contents

---
gem: rubygems-update
library: rubygems
cve: 2013-4287
osvdb: 97163
url: http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html
title: RubyGems Multiple API Call Version Validation CPU Consumption DoS
date: 2013-09-09
description: |
  RubyGems contains a flaw that may allow a denial of service. The issue is
  triggered when handling the gem build, Gem::Package, or Gem::PackageTask API
  calls, which attempt to validate the version of the program. This may allow a
  context-dependent attacker to cause a consumption of CPU resources and crash
  the program.
cvss_v2: 4.3
patched_versions:
  - ~> 1.8.23.1
  - ~> 1.8.26
  - ~> 2.0.8
  - ">= 2.1.0"

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/gems/rubygems-update/CVE-2013-4287.yml