
Commit f65bb8e

jasnow and postmodern authored
GHSA SYNC: 1 modified advisory; 1 new advisory - 2nd batch (#979)
--------- Co-authored-by: Postmodern <postmodern.mod3@gmail.com>
1 parent d67d653 commit f65bb8e

File tree: 2 files changed, 44 additions and 2 deletions


rubies/jruby/CVE-2011-4838.yml

Lines changed: 11 additions & 2 deletions
@@ -2,14 +2,23 @@
22
engine: jruby
33
cve: 2011-4838
44
osvdb: 78116
5-
url: http://jruby.org/2011/12/27/jruby-1-6-5-1
5+
ghsa: cgqc-fqxr-q6r6
6+
url: https://www.jruby.org/2011/12/27/jruby-1-6-5-1.html
67
title: "CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003)"
78
date: 2011-12-27
89
description: |
910
JRuby before 1.6.5.1 computes hash values without restricting the ability
1011
to trigger hash collisions predictably, which allows context-dependent attackers
1112
to cause a denial of service (CPU consumption) via crafted input to an application
1213
that maintains a hash table.
13-
cvss_v2: 7.8
14+
cvss_v2: 5.0
1415
patched_versions:
1516
- ">= 1.6.5.1"
17+
related:
18+
url:
19+
- https://nvd.nist.gov/vuln/detail/CVE-2011-4838
20+
- https://www.jruby.org/2011/12/27/jruby-1-6-5-1.html
21+
- http://www.ocert.org/advisories/ocert-2011-003.html
22+
- https://www.kb.cert.org/vuls/id/903934
23+
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72019
24+
- https://github.com/advisories/GHSA-cgqc-fqxr-q6r6
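Review bot: the cvss_v2 change from 7.8 to 5.0 (old line 13, new line 14) is the one substantive edit in this hunk and nothing records where the new score comes from; the commit message only says "1 modified advisory", so please state the basis in the message (the NVD entry added under related is presumably it), otherwise anyone diffing against the old 7.8 cannot tell whether this is a correction or a regression. The swap of `url: http://jruby.org/2011/12/27/jruby-1-6-5-1` for `url: https://www.jruby.org/2011/12/27/jruby-1-6-5-1.html` and the new `ghsa: cgqc-fqxr-q6r6` are consistent with the GHSA link at the end of the related list.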

rubies/ruby/CVE-2006-5467.yml

Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
---
2+
engine: ruby
3+
cve: 2006-5467
4+
ghsa: cgqx-jwj4-2jc4
5+
url: https://nvd.nist.gov/vuln/detail/CVE-2006-5467
6+
title: Denial of service vulnerabilities in the Ruby CGI
7+
date: 2006-10-27
8+
description: |
9+
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to
10+
cause a denial of service (infinite loop and CPU consumption) via
11+
an HTTP request with a multipart MIME body that contains an invalid
12+
boundary specifier, as demonstrated using a specifier that begins
13+
with a "-" instead of "--" and contains an inconsistent ID.
14+
cvss_v2: 5.0
15+
patched_versions:
16+
- "~> 1.8.5-p2"
17+
- ">= 1.9.0"
18+
related:
19+
url:
20+
- https://nvd.nist.gov/vuln/detail/CVE-2006-5467
21+
- https://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467
22+
- https://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library
23+
- https://cache.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-cgi-dos-1.patch
24+
- http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
25+
- https://bugzilla.redhat.com/show_bug.cgi?id=212237
26+
- https://jvn.jp/en/jp/JVN84798830/index.html
27+
- http://security.gentoo.org/glsa/glsa-200611-12.xml
28+
- https://ubuntu.com/security/notices/USN-371-1
29+
- http://www.debian.org/security/2006/dsa-1234
30+
- https://lists.debian.org/debian-security-announce/2006/msg00337.html
31+
- https://web.archive.org/web/20071214135617/http://docs.info.apple.com/article.html?artnum=305530
32+
- https://web.archive.org/web/20080221113337/http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
33+
- https://github.com/advisories/GHSA-cgqx-jwj4-2jc4
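Review bot: the patched_versions entry `- "~> 1.8.5-p2"` (new line 16) will not behave as intended if it is ever evaluated with Gem::Requirement: Gem::Version rewrites a hyphen as a prerelease separator, so "1.8.5-p2" becomes 1.8.5.pre.p2, which sorts below plain 1.8.5, and an unpatched 1.8.5 would then satisfy the constraint. Please spell the patch level the way the existing rubies/ruby entries do, or confirm the matcher used for the rubies/ directory handles this form. Two smaller points: the ruby-lang.org 2006/12/04 link (new line 22) is titled "another DoS vulnerability in cgi library", i.e. a follow-on issue; if it carries its own CVE it belongs in that advisory's file, otherwise a word on why it is listed here would help. And unlike the jruby file in this same commit, the top-level `url:` (new line 5) points at NVD rather than the vendor announcement; pointing it at the ruby-lang.org post listed on new line 21 would keep the two files consistent.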
