RubySec

Providing security resources for the Ruby community

CVE-2017-15928 (ox): ox ruby gem segmentation fault via parse_obj

GEM

ox

SEVERITY

CVSS v3.x: 7.5 (High)

CVSS v2.0: 5.0 (Medium)

PATCHED VERSIONS

  • >= 2.8.1

DESCRIPTION

In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication.
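To check whether a project pins an ox release outside the patched range listed above, the resolved version can be read from Gemfile.lock. The following is an added example, not code from the advisory or the Ox project; the function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Patched range taken from the advisory's PATCHED VERSIONS field.
OX_PATCHED = Gem::Requirement.new(">= 2.8.1")

# Return the ox version resolved in a Gemfile.lock text, or nil if ox is not
# locked. Resolved gems appear under "specs:" at exactly four spaces of
# indentation as "name (version)"; their dependency lines are indented six
# spaces and carry constraints, so they never match.
def locked_ox_version(lockfile_text)
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # a blank line or a new top-level section ends specs
    elsif in_specs && (m = line.match(/\A {4}ox \(([^)\s]+)\)\z/))
      # Platform gems look like "1.2.3-x86_64-linux"; keep the version part.
      return Gem::Version.new(m[1].split("-").first)
    end
  end
  nil
end

# Classify a lockfile as :patched, :unpatched or :not_present for ox.
def ox_status(lockfile_text)
  version = locked_ox_version(lockfile_text)
  return :not_present if version.nil?
  OX_PATCHED.satisfied_by?(version) ? :patched : :unpatched
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ox (2.8.0)
      rake (12.3.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    ox
    rake
LOCK

puts "ox in sample lockfile: #{ox_status(SAMPLE_LOCK)}" if $PROGRAM_NAME == __FILE__
```

Pass `File.read("Gemfile.lock")` to `ox_status` to run the same check against a real project.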