WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby Improper Input Validation Vulnerability (CVE-2011-4815)

Description

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Remediation

References

Related Vulnerabilities

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-10959)

WordPress Plugin bib2html Cross-Site Scripting (0.9.3)

PHP Out-of-bounds Read Vulnerability (CVE-2019-9022)

EspoCRM Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-38846)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-1240)

Severity

High

Classification

CVE-2011-4815 CWE-20

Tags

Missing Update Known Vulnerabilities