ADVISORIES
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
- >= 0.6.1
DESCRIPTION
A remote attacker can execute arbitrary commands by sending a crafted request to the server.
This is due to the use of Oj.load instead of Oj.strict_load when processing messages.
Note that slanger is no longer maintained.
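To audit other code for the same pattern described above, the following added example (not part of the advisory and not slanger's code) scans Ruby source for Oj parsing calls that do not pin a safe mode. It assumes Oj's default options are unchanged, so a bare Oj.load parses in object mode; SAFE_MODES, the helper name and the sample input are constructed for illustration.

```ruby
# Added example (not from the advisory): heuristic source scan for Oj parsing
# calls that can build arbitrary Ruby objects from untrusted JSON.

# Assumption: only these Oj modes are treated as safe (JSON primitives only).
SAFE_MODES = %w[strict null].freeze

Finding = Struct.new(:line_no, :call, :mode)

# Returns a Finding for every Oj.load / Oj.load_file / Oj.object_load call
# that does not pin a safe mode on the same line.
def unsafe_oj_loads(source)
  findings = []
  source.each_line.with_index(1) do |line, no|
    # Drop trailing comments (naive: a '#' inside a string literal is also cut).
    code = line.sub(/(^|\s)#(?!\{).*/, '')
    call = code[/\bOj\.(load_file|object_load|load)\b/, 1]
    next unless call

    mode = code[/(?:\bmode:\s*|:mode\s*=>\s*):(\w+)/, 1]
    # object_load is object mode by definition, so it is always reported.
    next if call != 'object_load' && SAFE_MODES.include?(mode)

    findings << Finding.new(no, "Oj.#{call}", mode || 'default')
  end
  findings
end

# Constructed sample input, not code from slanger.
SAMPLE = <<~'RUBY'
  payload = Oj.load(message)                   # flagged: default mode
  payload = Oj.strict_load(message)            # ok
  payload = Oj.load(message, mode: :strict)    # ok: mode pinned
  # Oj.load(message) mentioned in a comment    # ignored
  cfg = Oj.load_file(path, :mode => :object)   # flagged: object mode
  obj = Oj.object_load(message)                # flagged
RUBY

if __FILE__ == $PROGRAM_NAME
  unsafe_oj_loads(SAMPLE).each do |f|
    puts "line #{f.line_no}: #{f.call} (mode: #{f.mode})"
  end
end
```

The scan is per line, so it does not see a mode set globally through Oj.default_options or an options hash built on another line; review those call sites by hand.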