ADVISORIES
- CVE-2014-9490 (NVD)
- GHSA-c9c5-9fpr-m882
- OSVDB-115654
GEM
SEVERITY
CVSS v2.0: 5.0 (Medium)
PATCHED VERSIONS
- >= 0.12.2
DESCRIPTION
Sentry raven-ruby contains a flaw in lib/raven/okjson.rb that is triggered when large numeric values are stored as an exponent or in scientific notation. With a specially crafted request, an attacker can cause the software to consume excessive resources, resulting in a denial of service.
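The sketch below shows one way an application can bound this class of input before it reaches a JSON number converter. It is an added example, not code from raven-ruby or okjson. The helper names, the two limits and the sample body are all constructed for illustration, and it assumes the expensive step is turning an exponent-form literal into an arbitrary-precision integer.

```ruby
# Added example: bounded conversion of JSON number tokens.
# All names and limits here are hypothetical, not raven-ruby's.
JSON_NUMBER = /\A-?(?:0|[1-9][0-9]*)(\.[0-9]+)?(?:[eE]([+-]?[0-9]+))?\z/
MAX_TOKEN_LENGTH = 64   # assumed cap on the length of one numeric literal
MAX_EXPONENT     = 308  # assumed cap; largest decimal exponent of a finite Float

class NumberTooLarge < StandardError; end

# Convert one JSON number token. Exponent forms go through Float, never
# through integer exponentiation, so the work done is bounded.
def safe_json_number(token)
  raise NumberTooLarge, "literal too long" if token.length > MAX_TOKEN_LENGTH
  m = JSON_NUMBER.match(token)
  raise ArgumentError, "not a JSON number: #{token.inspect}" unless m
  frac, exp = m[1], m[2]
  # Plain integers are safe to build exactly: the length cap bounds their size.
  return Integer(token, 10) if frac.nil? && exp.nil?
  if exp && exp.sub(/\A[+-]/, "").to_i > MAX_EXPONENT
    raise NumberTooLarge, "exponent out of range"
  end
  value = Float(token)
  raise NumberTooLarge, "value is not finite" unless value.finite?
  value
end

# Coarse pre-filter for a request body: returns the number-like literals the
# converter above would refuse. It also matches digits inside JSON strings,
# so treat hits as candidates for logging, not as proof of abuse.
def suspicious_number_literals(body)
  body.scan(/-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?/).select do |literal|
    begin
      safe_json_number(literal)
      false
    rescue NumberTooLarge, ArgumentError
      true
    end
  end
end

# Constructed sample body, not taken from a real request.
SAMPLE_BODY = '{"a": 1, "b": 2.5e3, "c": 1e999999999}'
puts suspicious_number_literals(SAMPLE_BODY).inspect if $PROGRAM_NAME == __FILE__
```

This is defence in depth for services that cannot upgrade immediately; the fix listed above is to run a patched version (>= 0.12.2).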