Vulnerability Information
Vulnerability Title
Potential Denial-of-Service in bindata
Vulnerability Description
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions, creating certain BinData classes is very slow, for example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002 and, in general, BinData::Bit<N>. Combined with <user_input>.constantize, this creates the potential for a CPU-based DoS. Version 2.4.10 of bindata improved the creation time of Bits and Integers.
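The description above depends on user input reaching constantize unchecked. The following added example (not code from bindata or from this advisory) gates a type name against an allowlist and a bounded bit width before any constant lookup; MAX_BIT_WIDTH, ALLOWED_EXACT, safe_type_name and resolve_type are hypothetical names, and the 64-bit limit is an assumption about what the application needs.

```ruby
# Added example (not bindata code): validate a user-supplied type name
# before it ever reaches constantize / const_get.
# MAX_BIT_WIDTH, ALLOWED_EXACT, safe_type_name and resolve_type are
# hypothetical names chosen for this sketch.

MAX_BIT_WIDTH = 64 # assumption: widest bit field this application needs

# Fixed type names accepted verbatim (constructed sample allowlist).
ALLOWED_EXACT = %w[
  BinData::Uint8 BinData::Uint16be BinData::Uint32be BinData::String
].freeze

# \A and \z anchor the whole string; at most three digits are accepted,
# so an oversized width such as Bit100000 is rejected by the pattern itself.
BIT_NAME = /\ABinData::Bit([1-9]\d{0,2})(le)?\z/

# Returns the name if it is permitted, otherwise nil. Never touches constants.
def safe_type_name(input)
  name = input.to_s
  return name if ALLOWED_EXACT.include?(name)

  m = BIT_NAME.match(name)
  return name if m && m[1].to_i <= MAX_BIT_WIDTH

  nil
end

# Resolves a permitted name to a class. The default lookup uses
# Object.const_get; pass another callable to test without bindata loaded.
def resolve_type(input, lookup: ->(n) { Object.const_get(n) })
  name = safe_type_name(input)
  unless name
    raise ArgumentError, "type not permitted: #{input.to_s[0, 40].inspect}"
  end

  lookup.call(name)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: two legitimate names and two that must be refused.
  %w[BinData::Bit8 BinData::Uint16be BinData::Bit100000 Kernel].each do |s|
    puts format('%-20s %s', s, safe_type_name(s) ? 'allowed' : 'rejected')
  end
end
```

This check complements upgrading to 2.4.10; it does not replace it.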
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
BinData Security Vulnerability
Vulnerability Description
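BinData is an open-source, declarative way to read and write structured binary data. BinData makes it easy to create new data types. It supports all the common primitive data types found in structured binary data formats. Support for dependent and variable-length fields is built in. The BinData RubyGem before version 2.4.10 has a security vulnerability: a potential denial-of-service vulnerability.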
CVSS Information
N/A
Vulnerability Type
N/A