6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.045 Low
EPSS
Percentile
92.4%
Ruby developers report:
Any time a string is converted to a floating point value, a
specially crafted string can cause a heap overflow. This can lead
to a denial of service attack via segmentation faults and possibly
arbitrary code execution. Any program that converts input of
unknown origin to floating point values (especially common when
accepting JSON) are vulnerable.