GHSA-qh4w-7pw3-p4rp

Опубликовано: 29 апр. 2020

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

BSON rubygem contains potential denial of service

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

Ссылки

Пакеты

Наименование

bson

rubygems

Затронутые версииВерсия исправления

< 3.0.4

3.0.4

EPSS

Процентиль: 86%

0.0308

Низкий

7.5 High

CVSS3

CVE ID

CVE-2015-4411

Дефекты

CWE-400

Связанные уязвимости

CVE-2015-4411

CVSS3: 7.5

ubuntu

почти 6 лет назад

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.