Sha256: 4d6b59a88cc44dc2ced39febd17454092d5ad2cac7f4d6660cc4f5a37827fa06
Contents?: true
Size: 786 Bytes
Versions: 1
Compression:
Stored size: 786 Bytes
Contents
---
gem: user_agent_parser
cve: 2020-5243
ghsa: pcqq-5962-hvcw
url: https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw
date: 2020-03-10
title: Denial of Service in uap-core when processing crafted User-Agent strings
description: |-
### Impact
Some regexes are vulnerable to regular expression denial of service (REDoS) due to
overlapping capture groups. This allows remote attackers to overload a server by
setting the User-Agent header in an HTTP(S) request to maliciously crafted long
strings.
### Patches
Please update `uap-ruby` to >= v2.6.0
### For more information
https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p
cvss_v3: 5.7
patched_versions:
- ">= 2.6.0"
related:
ghsa:
- cmcx-xhr8-3w9p
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/user_agent_parser/CVE-2020-5243.yml |