Reporter: Cloud Foundry
CVE-2014-9130: LibYAML vulnerability
- Cloud Foundry Ruby Buildpack versions prior to 1.6.25
Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.
OSS users are strongly encouraged to follow one of the mitigations below:
- Upgrade the Ruby Buildpack to v1.6.25 or later and restage all applications that use automated buildpack detection
Stanisław Pitucha and Jonathan Gray
- <https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.25>