CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.017 Low
Percentile: 86.1%

libYAML 0.1.6 (and 0.1.5) has a DoS vulnerability known as CVE-2014-9130.
Now Ruby 2.4.x bundles the fixed version 0.1.7, but 2.3.x and 2.2.x still bundle 0.1.6.
Note that I'm the maintainer of Ruby 2.3.x and 2.2.x.
Therefore, this report is a kind of reminder.