CVE-2014-10077

Sažetak

Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.

Reference

https://github.com/rubysec/ruby-advisory-db/pull/182/files
https://github.com/svenfuchs/i18n/pull/289
https://github.com/svenfuchs/i18n/releases/tag/v0.8.0
https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

13-12-2018 - 20:30

Objavljeno

06-11-2018 - 15:29