RubySec

Providing security resources for the Ruby community

CVE-2014-9490 (sentry-raven): sentry-raven Gem for Ruby contains a flaw that can result in a denial of service

ADVISORIES

GEM

sentry-raven

SEVERITY

CVSS v2: 5.0

PATCHED VERSIONS

  • >= 0.12.2

DESCRIPTION

Sentry raven-ruby contains a flaw in the lib/raven/okjson.rb script that is triggered when large numeric values are stored as an exponent or in scientific notation. With a specially crafted request, an attacker can cause the software to consume excessive resources resulting in a denial of service.