i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Published: September 27, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-10077 (NVD)
- GHSA: GHSA-34hf-g744-jw64
- Vendor Advisory: https://github.com/svenfuchs/i18n/pull/289
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
PATCHED VERSIONS
>= 0.8.0
DESCRIPTION
The i18n gem for Ruby contains a flaw in the Hash#slice() function in lib/i18n/core_ext/hash.rb. The flaw is triggered when Hash#slice() is called on a hash with a key, such as :some_key, that is in keep_keys but not in the hash. This may allow an attacker to cause the program to crash.
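The failure mode described above, next to a tolerant form and a Gemfile.lock check against the patched version 0.8.0, as an added example that is not the i18n gem's own code. The method names and sample lockfile text are hypothetical, and it is an assumption that the crash surfaces as a KeyError from a strict key lookup.

```ruby
# Added illustration; not the i18n gem's source. All method names are hypothetical.
require "rubygems"

PATCHED = Gem::Version.new("0.8.0") # from the advisory's PATCHED VERSIONS

# Models the behaviour the advisory describes (assumption: strict lookup):
# a key that is in keep_keys but not in the hash raises KeyError.
def strict_slice(hash, *keep_keys)
  keep_keys.each_with_object({}) { |key, out| out[key] = hash.fetch(key) }
end

# Tolerant form: keys absent from the hash are skipped instead of raising.
def tolerant_slice(hash, *keep_keys)
  keep_keys.each_with_object({}) do |key, out|
    out[key] = hash[key] if hash.key?(key)
  end
end

# Runs one slice implementation and reports :ok or :crashed.
def outcome(impl, hash, *keys)
  send(impl, hash, *keys)
  :ok
rescue KeyError
  :crashed
end

# Reads the locked i18n version from Gemfile.lock text.
# Returns true/false for patched/unpatched, nil if i18n is not locked.
def i18n_patched?(lockfile_text)
  m = lockfile_text.match(/^ {4}i18n \(([^)]+)\)$/)
  return nil unless m
  Gem::Version.new(m[1]) >= PATCHED
end

# Constructed sample lockfile fragments.
OLD_LOCK = "GEM\n  specs:\n    i18n (0.7.0)\n    rack (1.6.0)\n"
NEW_LOCK = "GEM\n  specs:\n    i18n (0.8.0)\n"

if __FILE__ == $PROGRAM_NAME
  input = { a: 1 } # :some_key is requested below but absent here
  puts "strict:   #{outcome(:strict_slice, input, :a, :some_key)}"
  puts "tolerant: #{outcome(:tolerant_slice, input, :a, :some_key)}"
  puts "old lock patched? #{i18n_patched?(OLD_LOCK)}"
  puts "new lock patched? #{i18n_patched?(NEW_LOCK)}"
end
```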
RELATED
- OSVDB-121500
