Sha256: a7495404d691f20bd27813f14dd0bf7776bf334e3ba9282bc2bcc943ab78b38b

Contents?: true

Size: 622 Bytes

Versions: 5

Compression:

Stored size: 622 Bytes

Contents

---
gem: rack
cve: 2012-6109
osvdb: 89317
url: http://osvdb.org/show/osvdb/89317
title: |
  Rack Regular Expressions Engine Content-Disposition Header Parsing Infinite Loop Remote DoS
date: 2012-05-04

description: |
  Rack contains a flaw in the Regular Expressions Engine that may allow a remote
  denial of service. The issue is triggered when parsing content-disposition
  headers. With a specially crafted header, a remote attacker can cause an
  infinite loop, which will result in a loss of availability for the webserver.

cvss_v2: 4.3
patched_versions:
  - "~> 1.1.4"
  - "~> 1.2.6"
  - "~> 1.3.7"
  - ">= 1.4.2"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/rack/OSVDB-89317.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/rack/OSVDB-89317.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/rack/OSVDB-89317.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/rack/OSVDB-89317.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/rack/OSVDB-89317.yml