Sha256: 6bf1c28e8b5fc3ca2dcc538e5878c661bf28fd9fdba93ae268ceb3c4720a4119

Contents?: true

Size: 663 Bytes

Versions: 6

Compression:

Stored size: 663 Bytes

Contents

---
gem: activeresource
osvdb: 95749
url: http://osvdb.org/show/osvdb/95749
title: activeresource Gem for Ruby lib/active_resource/connection.rb request Function Multiple Variable Format String
date: 2008-08-15
description: |
  activeresource contains a format string flaw in the request function of
  lib/active_resource/connection.rb. The issue is triggered as format string
  specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input
  when passed via the 'result.code' and 'result.message' variables. This may
  allow a remote attacker to cause a denial of service or potentially execute
  arbitrary code.
patched_versions:
  - ">= 2.2.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/activeresource/OSVDB-95749.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/activeresource/OSVDB-95749.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/activeresource/OSVDB-95749.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/activeresource/OSVDB-95749.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/activeresource/OSVDB-95749.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/activeresource/OSVDB-95749.yml