CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |

EPSS

Percentile: 90.0%

Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby’s CGI module can be used to build web applications.
Ruby’s developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop.
A remote attacker could trigger the vulnerability through an exposed Ruby web application and cause the server to use unnecessary CPU resources, potentially resulting in a Denial of Service.
There is no known workaround at this time.
All Ruby 1.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.6.8-r12"
All Ruby 1.8.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2_pre3"
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | dev-lang/ruby | < 1.8.2_pre3 | UNKNOWN |
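
The following is an added example, not part of the advisory or of Gentoo's tooling: it checks an installed dev-lang/ruby version string against the fixed versions named in the upgrade instructions above. The comparison is a simplified form of Gentoo version ordering (numeric components, a single suffix, and a -r revision); the function names and sample versions are constructed for illustration.

```python
import re

# Suffix order used by Gentoo versions: _alpha < _beta < _pre < _rc < none < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, None: 0, "p": 1}

VERSION_RE = re.compile(
    r"(?P<nums>\d+(?:\.\d+)*)(?P<letter>[a-z]?)"
    r"(?:_(?P<suffix>alpha|beta|pre|rc|p)(?P<sufnum>\d*))?"
    r"(?:-r(?P<rev>\d+))?"
)

# Fixed versions per branch, taken from the upgrade instructions in the advisory.
FIXED = {(1, 6): "1.6.8-r12", (1, 8): "1.8.2_pre3"}


def parse_version(text):
    """Turn a version such as '1.8.2_pre3' or '1.6.8-r12' into a sortable key."""
    m = VERSION_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"unsupported version string: {text!r}")
    nums = tuple(int(n) for n in m["nums"].split("."))
    return (nums, m["letter"], SUFFIX_RANK[m["suffix"]],
            int(m["sufnum"] or 0), int(m["rev"] or 0))


def is_affected(installed):
    """True if the installed dev-lang/ruby version predates the fix for its branch."""
    key = parse_version(installed)
    # Branches other than 1.6.x and 1.8.x fall back to the table's "< 1.8.2_pre3"
    # bound (assumption: the advisory gives no separate fix for them).
    fixed = FIXED.get(key[0][:2], "1.8.2_pre3")
    return key < parse_version(fixed)


def report(versions):
    """Map each installed version string to 'affected' or 'fixed'."""
    return {v: ("affected" if is_affected(v) else "fixed") for v in versions}


if __name__ == "__main__":
    # Constructed sample input; on a real host these come from the package manager.
    samples = ["1.6.8-r11", "1.6.8-r12", "1.8.2_pre2", "1.8.2"]
    for version, status in report(samples).items():
        print(f"dev-lang/ruby-{version}: {status}")
```

A plain string or dotted-number comparison would rank `1.8.2_pre3` after `1.8.2` and ignore the `-r12` revision, which is why the suffix and revision are parsed separately here.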