RubySec

Providing security resources for the Ruby community

CVE-2015-4410 (moped): Data Injection Vulnerability in moped Rubygem

ADVISORIES

GEM

moped

SEVERITY

CVSS v3.x: 7.5 (High)

PATCHED VERSIONS

  • ~> 1.5.3
  • >= 2.0.5

DESCRIPTION

A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories