---
engine: ruby
cve: 2019-16201
url: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
title: Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication
date: 2019-10-01
description: |
  Regular expression denial of service vulnerability of WEBrick’s Digest
  authentication module was found. An attacker can exploit this vulnerability
  to cause an effective denial of service against a WEBrick service.
patched_versions:
  - "~> 2.4.8"
  - "~> 2.5.7"
  - "~> 2.6.5"
  - "> 2.7.0-preview1"