2 matches found
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...
PT-2019-4672 · Ruby +8 · Ruby +8
Name of the Vulnerable Software and Affected Versions: Ruby versions 2.4.7 and earlier, 2.5.x through 2.5.6, 2.6.x through 2.6.4
Description: The issue is related to a regular expression Denial of Service caused by looping/backtracking in the WEBrick::HTTPAuth::DigestAuth class in Ruby. This can ...