Sha256: adfc7402b45e005066d853b0bd48b243d4db0267ddfe01d5a5483714d8cb120d

Contents?: true

Size: 782 Bytes

Versions: 1

Compression:

Stored size: 782 Bytes

Contents

---
gem: rubygems-update
library: rubygems
cve: 2013-4363
osvdb: 97163
url: http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html
title: RubyGems Multiple API Call Version Validation CPU Consumption DoS
date: 2013-09-24
description: |
  RubyGems contains a flaw that may allow a denial of service. The issue is
  triggered when handling the gem build, Gem::Package, or Gem::PackageTask API
  calls, which attempt to validate the version of the program. This may allow a
  context-dependent attacker to cause a consumption of CPU resources and crash
  the program. This vulnerability is due to an incomplete fix for
  CVE-2013-4287, which allowed a denial of service via improper validation.
cvss_v2: 4.3
patched_versions:
  - ~> 1.8.23.2
  - ~> 1.8.27
  - ~> 2.0.10
  - ">= 2.1.5"

Version data entries

1 entry across 1 version & 1 rubygem

Version: bundler-audit-0.7.0.1

Path: data/ruby-advisory-db/gems/rubygems-update/CVE-2013-4363.yml