Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.
References
Link | Resource |
---|---|
https://github.com/svenfuchs/i18n/releases/tag/v0.8.0 | Release Notes Third Party Advisory |
https://github.com/svenfuchs/i18n/pull/289 | Patch Third Party Advisory |
https://github.com/rubysec/ruby-advisory-db/pull/182/files | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html | Third Party Advisory |
Information
Published : 2018-11-06 07:29
Updated : 2018-12-13 12:30
NVD link : CVE-2014-10077
Mitre link : CVE-2014-10077
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
debian
- debian_linux
i18n_project
- i18n