Contents

---
engine: jruby
cve: 2011-4838
osvdb: 78116
url: http://jruby.org/2011/12/27/jruby-1-6-5-1
title: JRuby Hash Collision Form Parameter Parsing Remote DoS
date: 2011-12-27
description: |
  JRuby contains a flaw that may allow a remote denial of service. The issue is
  triggered when an attacker sends multiple crafted parameters which trigger
  hash collisions, and will result in loss of availability for the program via
  CPU consumption.
cvss_v2: 7.8
patched_versions:
  - ">= 1.6.5.1"

Version data entries

6 entries across 6 versions & 2 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/rubies/jruby/CVE-2011-4838.yml
bundler-budit-0.6.2	data/ruby-advisory-db/rubies/jruby/CVE-2011-4838.yml
bundler-budit-0.6.1	data/ruby-advisory-db/rubies/jruby/CVE-2011-4838.yml
bundler-audit-0.6.1	data/ruby-advisory-db/rubies/jruby/CVE-2011-4838.yml
bundler-audit-0.6.0	data/ruby-advisory-db/rubies/jruby/CVE-2011-4838.yml
bundler-audit-0.5.0	data/ruby-advisory-db/rubies/jruby/CVE-2011-4838.yml