GHSA-v6j3-7jrw-hq2p

Source

https://github.com/advisories/GHSA-v6j3-7jrw-hq2p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v6j3-7jrw-hq2p/GHSA-v6j3-7jrw-hq2p.json

Aliases

CVE-2011-5036

Published

2022-05-17T04:59:13Z

Modified

2024-02-16T08:15:31.748284Z

Details

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

References

Affected packages

RubyGems / rack

Package

Name: rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.1.3

Affected versions

0.*

0.1.0

0.2.0

0.3.0

0.4.0

0.9.0

0.9.1

1.*

1.0.0

1.0.1

1.1.0

1.1.1.pre

1.1.1

1.1.2

RubyGems / rack

Package

Name: rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2.0

Fixed

1.2.5

Affected versions

1.*

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

RubyGems / rack

Package

Name: rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.3.0

Fixed

1.3.6

Affected versions

1.*

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

Maven / org.jruby:jruby-parent

Package

Name: org.jruby:jruby-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.6.5.1