Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RubyGems 拒绝服务漏洞
Vulnerability Description
RubyGems是RubyGems组织的一款Ruby程序包管理器,它主要用于发布和管理Ruby程序包。 Ruby 1.9.0至2.0.0p247版本中使用的RubyGems中的lib/rubygems/version.rb文件中的Gem::Version::VERSION_PATTERN函数中存在算法复杂漏洞,该漏洞源于正则表达式没有充分验证gem版本。远程攻击者可通过特制的gem版本利用该漏洞造成拒绝服务(CPU耗尽)。以下版本受到影响:RubyGems 1.8.23.1之前的版本,1.8.24至1.8
CVSS Information
N/A
Vulnerability Type
N/A