CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
88.3%
Ruby Gem developers report:
RubyGems validates versions with a regular expression that is
vulnerable to denial of service due to backtracking. For specially
crafted RubyGems versions attackers can cause denial of service
through CPU consumption.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | ruby19-gems | < 1.8.26 | UNKNOWN |
FreeBSD | any | noarch | ruby20-gems | < 1.8.26 | UNKNOWN |