RubySec

Providing security resources for the Ruby community

CVE-2013-0184 (rack): CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS

ADVISORIES

GEM

rack

SEVERITY

CVSS v2: 4.3

PATCHED VERSIONS

  • ~> 1.1.5
  • ~> 1.2.7
  • ~> 1.3.9
  • >= 1.4.4

DESCRIPTION

Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to “symbolized arbitrary strings.”