RubySec

Providing security resources for the Ruby community

CVE-2014-10077 (i18n): i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS

ADVISORIES

GEM

i18n

PATCHED VERSIONS

  • >= 0.8.0

DESCRIPTION

i18n Gem for Ruby contains a flaw in the Hash#slice() function in lib/i18n/core_ext/hash.rb that is triggered when calling a hash when :some_key is in keep_keys but not in the hash. This may allow an attacker to cause the program to crash.