exploitDog

GHSA-f93j-hmcr-jcwh

Published: 19 Aug 2020
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Moped Rubygem Data Injection Vulnerability

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

Packages

Name: moped (rubygems)
Affected versions: < 1.5.3
Fixed version: 1.5.3

Name: moped (rubygems)
Affected versions: >= 2.0.0, < 2.0.5
Fixed version: 2.0.5

EPSS

Percentile: 84%
0.02283
Low

7.5 High

CVSS3

Weaknesses

CWE-20

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 6 years ago

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

redhat
more than 10 years ago

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

CVSS3: 7.5
nvd
almost 6 years ago

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

CVSS3: 7.5
debian
almost 6 years ago

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit ...
