2 matches found
CVE-2009-5147
CVE-2009-5147 affects Ruby’s DL::dlopen by allowing libraries with tainted names to be opened on several Ruby releases (1.8, 1.9.x, 2.0.0 pre-patch 648, and 2.1 pre-2.1.8). Connected materials document a regression in later Ruby/fiddle handling (CVE-2015-7551) that ties back to this regression an...
CVE-2014-6438
CVE-2014-6438: The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service via a crafted string, due to catastrophic regular expression backtracking and related resource consumption or application crash. The issue affects Ruby versions p...