Sha256: 8460765d7694c3da3d1ce813d962a1e0769f392e6f4eda3f42ea9c16c7a0c234

Contents?: true

Size: 633 Bytes

Versions: 5

Compression:

Stored size: 633 Bytes

Contents

---
library: rubygems
cve: 2013-4287
osvdb: 97163
url: http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html
title: RubyGems Multiple API Call Version Validation CPU Consumption DoS
date: 2013-09-09
description: |
  RubyGems contains a flaw that may allow a denial of service. The issue is
  triggered when handling the gem build, Gem::Package, or Gem::PackageTask API
  calls, which attempt to validate the version of the program. This may allow a
  context-dependent attacker to cause a consumption of CPU resources and crash
  the program.
cvss_v2: 4.3
patched_versions:
  - ~> 1.8.23.1
  - ~> 1.8.26
  - ~> 2.0.8
  - ">= 2.1.0"

Version data entries

5 entries across 5 versions & 2 rubygems

Version              Path
bundler-budit-0.6.2  data/ruby-advisory-db/libraries/rubygems/CVE-2013-4287.yml
bundler-budit-0.6.1  data/ruby-advisory-db/libraries/rubygems/CVE-2013-4287.yml
bundler-audit-0.6.1  data/ruby-advisory-db/libraries/rubygems/CVE-2013-4287.yml
bundler-audit-0.6.0  data/ruby-advisory-db/libraries/rubygems/CVE-2013-4287.yml
bundler-audit-0.5.0  data/ruby-advisory-db/libraries/rubygems/CVE-2013-4287.yml