Lucene search
GoogleOSV:DLA-263-1HistoryJul 01, 2015 - 12:00 a.m.
ruby1.9.1 - security update
2015-07-0100:00:00
Google
osv.dev
24
EPSS
0.02
Percentile
88.9%
Two vulnerabilities were identified in the Ruby language interpreter,
version 1.9.1.
- CVE-2012-5371
Jean-Philippe Aumasson identified that Ruby computed hash values
without properly restricting the ability to trigger hash collisions
predictably, allowing context-dependent attackers to cause a denial
of service (CPU consumption). This is a different vulnerability than
CVE-2011-4815. - CVE-2013-0269
Thomas Hollstegge and Ben Murphy found that the JSON gem for Ruby
allowed remote attackers to cause a denial of service (resource
consumption) or bypass the mass assignment protection mechanism via
a crafted JSON document that triggers the creation of arbitrary Ruby
symbols or certain internal objects.
For the squeeze distribution, theses vulnerabilities have been fixed in
version 1.9.2.0-2+deb6u5 of ruby1.9.1. We recommend that you upgrade
your ruby1.9.1 package.
References
Related
openvas
openvas
Debian: Security Advisory (DLA-263-1)
2023-03-08 00:00:00
Ubuntu Update for ruby1.9.1 USN-1733-1
2013-02-22 00:00:00
Ubuntu: Security Advisory (USN-1733-1)
2013-02-22 00:00:00
debian
debian
[SECURITY] [DLA 263-1] ruby1.9.1 security update
2015-07-01 10:09:26
[SECURITY] [DLA 215-1] libjson-ruby security update
2015-04-30 16:34:41
[SECURITY] [DLA 2192-1] ruby2.1 security update
2020-04-30 22:01:47
nessus
nessus
Debian DLA-263-1 : ruby1.9.1 security update
2015-07-02 00:00:00
Ubuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1733-1)
2013-02-22 00:00:00
Fedora 18 : ruby-1.9.3.327-22.fc18 (2012-17949)
2012-11-26 00:00:00
cve
cve
ubuntucve
ubuntucve
nvd
nvd
prion
prion
Design/Logic Flaw
2012-11-28 13:03:00
Code injection
2011-12-30 01:55:00
Sql injection
2013-02-13 01:55:00
cvelist
cvelist
rubygems
rubygems
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
2011-12-27 20:00:00
Unsafe Object Creation Vulnerability in JSON (Additional fix)
2020-03-18 21:00:00
securityvulns
securityvulns
Ruby multiple security vulnerabilities
2013-02-24 00:00:00
[USN-1733-1] Ruby vulnerabilities
2013-02-24 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2013-02-21 00:00:00
Ruby vulnerabilities
2012-02-28 00:00:00
slackware
slackware
[slackware-security] ruby
2012-12-07 03:51:38
ruby
2013-03-16 01:11:53
fedora
fedora
[SECURITY] Fedora 18 Update: ruby-1.9.3.327-22.fc18
2012-11-23 07:52:57
[SECURITY] Fedora 16 Update: ruby-1.8.7.357-1.fc16
2012-01-11 06:06:56
[SECURITY] Fedora 18 Update: rubygem-json-1.6.8-1.fc18
2013-03-05 23:31:15
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:53:45
Denial Of Service (DoS)
2020-04-10 01:07:08
Denial Of Service (DoS)
2020-03-23 03:14:43
freebsd
freebsd
ruby -- Hash-flooding DoS vulnerability for ruby 1.9
2012-11-10 00:00:00
Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON
2013-02-11 00:00:00
seebug
seebug
Ruby哈希冲突拒绝服务漏洞
2011-12-30 00:00:00
amazon
amazon
Important: ruby
2012-01-19 20:02:00
Medium: ruby19, ruby21
2020-08-26 23:10:00
Medium: rubygem-json
2020-08-26 23:09:00
oraclelinux
oraclelinux
ruby security update
2012-01-30 00:00:00
ruby security update
2012-01-30 00:00:00
jvn
jvn
JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service
2012-07-06 00:00:00
centos
centos
ruby security update
2012-01-30 20:27:31
irb, ruby security update
2012-01-30 18:44:29
redhat
redhat
(RHSA-2012:0069) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2012:0070) Moderate: ruby security update
2012-01-30 00:00:00
suse
suse
Security update for rubygem-json_pure (important)
2013-04-09 19:04:58
Security update for rubygem-json_pure (important)
2013-04-03 20:08:23
Security update for rubygem-extlib (important)
2013-04-03 20:10:37
osv
osv
JSON gem has Improper Input Validation vulnerability
2017-10-24 18:33:37
CVE-2020-10663
2020-04-28 21:15:11
Unsafe object creation in json RubyGem
2020-07-27 18:08:21
github
github
JSON gem has Improper Input Validation vulnerability
2017-10-24 18:33:37
Unsafe object creation in json RubyGem
2020-07-27 18:08:21
debiancve
debiancve
CVE-2013-0269
2013-02-13 01:55:05
CVE-2020-10663
2020-04-28 21:15:11
hackerone
hackerone
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
redhatcve
redhatcve
CVE-2020-10663
2020-04-24 04:33:39
alpinelinux
alpinelinux
CVE-2020-10663
2020-04-28 21:15:11
threatpost
threatpost
Ruby on Rails Patches DoS, Remote Execution Flaws
2013-02-13 17:51:57
cert
cert
Hash table implementations vulnerable to algorithmic complexity attacks
2011-12-28 00:00:00