Description
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to a WEBrick server, or a crafted body to a WEBrick server/handler, and cause a denial of service (memory consumption).
Remediation
References