Lucene search

[email protected]CVE-2014-9490

HistoryJan 20, 2015 - 3:59 p.m.

CVE-2014-9490

2015-01-2015:59:05

CWE-399

[email protected]

web.nvd.nist.gov

cve

2014

9490

denial of service

raven-ruby gem

security vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.0%

JSON

The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.

Affected configurations

NVD

Node

getsentryraven-rubyRange≤0.12.1ruby

CPENameOperatorVersion
getsentry:raven-rubygetsentry raven-rubyle0.12.1

CPE	Name	Operator	Version
getsentry:raven-ruby	getsentry raven-ruby	le	0.12.1

References

seclists.org/oss-sec/2015/q1/26

exchange.xforce.ibmcloud.com/vulnerabilities/99687

github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f

groups.google.com/forum/#%21topic/getsentry/Cz5bih0ZY1U

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2014-9490

cvelist1 nvd1 prion1 github1 osv1