Sha256: d0fa805b4e73ce40e48c12d1aa66859a77055c042bd5aa2547b6161737eeded4

Contents?: true

Size: 632 Bytes

Versions: 3

Compression:

Stored size: 632 Bytes

Contents

---
engine: ruby
cve: 2018-8777
url: https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
title: DoS by large request in WEBrick
date: 2018-03-28
description: |
  There is an out-of-memory DoS vulnerability with a large request in WEBrick
  bundled with Ruby.

  If an attacker sends a large request which contains huge HTTP headers,
  WEBrick tries to process it in memory, so the request causes an out-of-memory
  DoS.

  All users running an affected release should upgrade immediately.
patched_versions:
  - "~> 2.2.10"
  - "~> 2.3.7"
  - "~> 2.4.4"
  - "~> 2.5.1"
  - "> 2.6.0-preview1"

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2018-8777.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/CVE-2018-8777.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2018-8777.yml